On Tue, 2006-05-09 at 18:07 -0400, Valdis.Kletnieks@xxxxxx wrote: > Am looking at selinux-policy-2.2.38-1.src.rpm. Does anybody know > why there isn't a %build section in the .SPEC file? I was *hoping* > to do a 'rpmbuild -bc' to assist in debugging an outstanding problem > I'm having with strict policy, but apparently all the building gets > done in the %install. Blech. 1) strict policy is known to be broken simply due to the current brokenness of optionals-in-base support in checkpolicy/libsepol. Patches are coming soon. It isn't really strict policy per se, but fully modularized policy where the base has to contain optional sections that need to be dynamically enabled at link time. 2) At present, you can build a working copy of a given policy build tree via: rpmbuild -bb --define "BUILD_xxx 0" --define "BUILD_yyy 0" selinux-policy.spec where xxx and yyy are MLS, STRICT, or TARGETED, and you are disabling the ones you don't want. e.g. to build a working copy of a build tree for just strict, you'd use: rpmbuild -bb --define "BUILD_MLS 0" --define "BUILD_TARGETED 0" selinux-policy.spec This tries to build a binary package, of course, but leaves the build tree intact so that you can then go use it. We do need a cleaner way of doing this, or at least for it to be documented in the FAQ. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list