On Fri, 2005-05-13 at 12:05 +0200, Aurelien Bompard wrote:
> OK, so there is nothing the upstream maintainers can/have to do.

Not entirely. They can eliminate the need for text relocations on their
shared objects, thereby avoiding the need to mark their shared objects
with texrel_shlib_t in the policy and reducing the resulting security
risk.

> How should third party vendors package their RPMs to make sure they work
> with SELinux, then? Can we exclude /opt from the audits?

Ultimately, they will be able to ship a "binary policy module" for their
package that includes an explicit set of dependency requirements on what
the base policy must provide. Binary policy module support was
developed by Tresys Technology (www.tresys.com/selinux) and is planned
to be upstreamed in June, for eventual inclusion in FC5/devel.

--
Stephen Smalley
National Security Agency