On Monday 05 April 2004 11:34, Stephen Smalley wrote:
> On Mon, 2004-04-05 at 11:27, Gene Czarcinski wrote:
> > 3. From what I see, there is no reason to have the policy package at all
> > since policy-sources will build the needed files (except for
> > /etc/security/{default_contexts,default_type,failsafe_context} and they
> > could be in policy-sources too.
>
> As I understand it, the intent of policy is to support minimal installs,
> where the policy-sources and associated dependencies are not desirable.
> However, note that policy updates can't preserve local customizations,
> e.g. tunables or users, whereas policy-sources updates do. If you have
> never customized your policy at all, then you should just be able to
> update policy. If you have customized your policy and rebuilt it, then
> the %config(noreplace) should protect the binary policy against direct
> policy updates, and should protect tunables and users against
> policy-sources updates.
That is what I figured ...
However, I am not sure that policy-sources should automatically build the
policy and file_contexts from source and then load it.
Gene
