1 |
On Mon, Nov 07, 2011 at 06:52:40PM -0700, Stan Sander wrote: |
2 |
> I've started poking around in the refpolicy source to help me learn |
3 |
> about the correct policy module style by looking at other examples. |
4 |
> I've noticed that there are modules that get unpacked from the |
5 |
> selinux-base-policy ebuild (doing just the prepare step as in the Gentoo |
6 |
> docs) that don't seem to have their own e-build. It's simple enough to |
7 |
> build these if I need them directly from this source, but I was curious |
8 |
> why some have e-builds and some don't. Is it just a simple matter of no |
9 |
> one having stepped up yet and said here is an e-build for *foo*? |
10 |
|
11 |
Hi Stan, |
12 |
|
13 |
There are three possible reasons why you will not find an appropriate ebuild |
14 |
for a specific SELinux policy: |
15 |
|
16 |
- The module itself is part of the base policy and as such is included in |
17 |
the selinux-base-policy build (not extract only). You can see which |
18 |
modules are part of base by looking at the |
19 |
selinux-base-policy/files/modules.conf file in the portage tree. |
20 |
|
21 |
- The module itself is for a software package that is not in the Portage |
22 |
tree (yet) |
23 |
|
24 |
- We forgot to create one ;-) |
25 |
|
26 |
So by all means, if you think we need an ebuild for a specific policy |
27 |
module, ask and I'll gladly add it to the tree. |
28 |
|
29 |
Wkr, |
30 |
Sven Vermeulen |