On Thu, 2006-11-30 at 14:05 -0500, Steve Friedman wrote: > Let me give an example. We use postfix at my organization. It has a > number of configuration files. Using a makefile (an early version of > which was copied from the web), the script (via make) issues the relevant > commands to build the necessary hash files, etc. I would envision a > similar situation here: I would distribute one or more ASCII > configuration files for the local customization along with a makefile that > would determine what commands needed to be issued to build the appropriate > policy. > > In effect, I was asking for the details of the makefile. After updating > (say) booleans.local, what needs to be executed, etc. Yes, at present, it would be a matter of copying the new booleans.local into place and running semodule -B on the target machine. Going forward, we need utilities that can export/dump and import the data without requiring manual copying of the raw files. In the booleans case, that just means an option to getsebool to dump local booleans in a format easily consumed by setsebool (or some new option to setsebool); this requires finally migrating getsebool over to using libsemanage rather than directly reading the kernel state via selinuxfs (or at least supporting such an option as well). -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
