| 1 |
On Mon, Nov 07, 2011 at 06:52:40PM -0700, Stan Sander wrote: |
| 2 |
> I've started poking around in the refpolicy source to help me learn |
| 3 |
> about the correct policy module style by looking at other examples. |
| 4 |
> I've noticed that there are modules that get unpacked from the |
| 5 |
> selinux-base-policy ebuild (doing just the prepare step as in the Gentoo |
| 6 |
> docs) that don't seem to have their own e-build. It's simple enough to |
| 7 |
> build these if I need them directly from this source, but I was curious |
| 8 |
> why some have e-builds and some don't. Is it just a simple matter of no |
| 9 |
> one having stepped up yet and said here is an e-build for *foo*? |
| 10 |
|
| 11 |
Hi Stan, |
| 12 |
|
| 13 |
There are three possible reasons why you will not find an appropriate ebuild |
| 14 |
for a specific SELinux policy: |
| 15 |
|
| 16 |
- The module itself is part of the base policy and as such is included in |
| 17 |
the selinux-base-policy build (not extract only). You can see which |
| 18 |
modules are part of base by looking at the |
| 19 |
selinux-base-policy/files/modules.conf file in the portage tree. |
| 20 |
|
| 21 |
- The module itself is for a software package that is not in the Portage |
| 22 |
tree (yet) |
| 23 |
|
| 24 |
- We forgot to create one ;-) |
| 25 |
|
| 26 |
So by all means, if you think we need an ebuild for a specific policy |
| 27 |
module, ask and I'll gladly add it to the tree. |
| 28 |
|
| 29 |
Wkr, |
| 30 |
Sven Vermeulen |
Archives