| 1 |
On Mon, Jul 13, 2015 at 03:02:55PM +0200, Sven Vermeulen wrote: |
| 2 |
> On Mon, Jul 13, 2015 at 1:31 PM, Jason Zaman <perfinion@g.o> wrote: |
| 3 |
> > Secondly, related to "poor support for preserving local changes across |
| 4 |
> > system updates". The tools now have the concept of priority so users can |
| 5 |
> > easy completely replace a distro-provided module at a higher priority |
| 6 |
> > (semodule -X 900 -i foo.pp). I haven't (yet) updated our selinux eclass |
| 7 |
> > to install at a lower priority but will hopefully do that soon. |
| 8 |
> |
| 9 |
> We work with the default 400 (100 is for the migrated modules). Do you |
| 10 |
> see a reason why we have to explicitly support a particular priority |
| 11 |
> in our eclass? |
| 12 |
|
| 13 |
Hmm. I thought the point of the priorities was that things the user has |
| 14 |
done should be separate from what the distro provides. Either the distro |
| 15 |
uses 400 and any overrides the user does in a higher level or we change |
| 16 |
the eclass to use a lower level and the user gets the default. That way |
| 17 |
its easier for the user to see what customizations have been made. |
| 18 |
|
| 19 |
I was going to make a patch first then discuss but the basic idea was to |
| 20 |
semodule -X 100 -i $MOD.pp then remove the module from level 400 |
| 21 |
afterwards if it exists. Thoughts? And if we do, do we want to use level |
| 22 |
100? 200? |
| 23 |
|
| 24 |
-- Jason |
Archives