> >> Will there be any way to determine which policy is currently active? > >> Also, I > >> am concerned that the well known location for the policy source > >> (/etc/security/selinux/src/policy/) will go away and break tools that > >> expect > >> it. All of our tools are configurable, of course, but this change will > >> make > >> it hard to provide good configuration defaults. What about making > >> /etc/security/selinux/src/policy a symlink to the currently active > >> policy? > >> > >> Karl > >> > >> > > We could change a sym link. We were thinking of using > > /etc/sysconfig/selinux to specify which policy is in use, and where the > > directories are. Right now I am just trying to get the SRPM to build > > both policy groups. The only tools that should be affected are those > > that deal with the src dir, which is the SEtools. > > -- > Perhaps if you consider Karl as the upstream developer for setools and > remember that these tools are intended to work on other distributions as > well, it would be appropriate to not use /etc/sysconfig/selinux. > Also, consider current practice where /etc/security/selinux/src is the > location for the policysources thus selinux/src should contain > /src/policy-x, policy-y and policy-z with /src/policy a link to any one > of the policy-n directories as Karl suggested. > Using /selinux/targeted/src and /selinux/foo/src and > /selinux/whatever/src to contain different instances of source seems > backward to me. (IMHO) :) I agree with this - we need to be able to support as many distributions as possible and the /etc/security/selinux/src/policy directory has been used for many years as the default location for the source to the current policy (making it an easy way for us to provide that support). I think that this would be worthwhile to retain through symlinks. Additionally, I think it would be better for the strict, targeted, etc sources to remain under src as Richard suggested. When binary modules are added in /etc/security/selinux/modules it will be clearer if all of the source is under /etc/security/selinux/src. Karl Karl MacMillan Tresys Technology http://www.tresys.com (410)290-1411 ext 134 > Thanks, > Richard Hally > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > http://www.redhat.com/mailman/listinfo/fedora-selinux-list
