1 |
On Sat, Apr 28, 2012 at 08:51:05PM -0400, Anthony G. Basile wrote: |
2 |
> Why are you trying to avoid a global variable? I'd think that's less of |
3 |
> a QA issue than a trigger file. |
4 |
|
5 |
Updated patch available on http://dpaste.com/748546/ |
6 |
|
7 |
It includes support for POLICY_FILES, allowing for 3rd party SELinux modules |
8 |
to be managed by Portage without interfering or making things more difficult |
9 |
for our policy. |
10 |
|
11 |
It also removes some of the dual logic that was available before (to handle |
12 |
bash arrays and single variables). By mapping arrays immediately towards |
13 |
single variables, I could also drop the use of either a trigger file or a |
14 |
global variable (as I can now just "query" the variable). |
15 |
|
16 |
Finally, the eclass now tries to load the SELinux module and, if it fails, |
17 |
it retries to load it but with all installed modules simultaneously. If that |
18 |
still fails, we inform the user that this might be expected if this isn't |
19 |
the last SELinux module installation (or upgrade). |
20 |
|
21 |
That last addition allows us to support SELinux upgrade easier. For |
22 |
instance, the failure(s) we had with 2.20110726 to 2.20120215 (modules |
23 |
failing to load because of unresolved or undefined references) are now |
24 |
handled automatically. |
25 |
|
26 |
The eclass is currently still in hardened-dev overlay. |
27 |
|
28 |
Wkr, |
29 |
Sven Vermeulen |