On 06/02/2009 08:05 AM, Paul Howarth wrote:
KaiGai Kohei wrote:
Daniel J Walsh wrote:
On 06/01/2009 07:44 PM, KaiGai Kohei wrote:
In the latest selinux-policy package, I could find an empty directory
at /usr/share/selinux/packages .
What is the purpose? Is it intended to store policy packages installed
by other RPMs (such as mod_selinux)?
Thanks,
Yes the idea was to provide a location for third parties to put their PP
files.
Hmm... Now, I provide two types of policy packages (targeted and mls).
Do you have any guideline to deploy these files?
For example, the mod_selinux installs its policy modules at:
/usr/share/selinux/targeted/mod_selinux.pp
and
/usr/share/selinux/mls/mod_selinux.pp
Well not sure what the differences are between the two policies, but
maybe we should consider a mechanism for installing one policy and
having it turn on different componants depending on the type.
Most policy packages would work on all types of policy, so installing in
a policy type specific directory does not make sense for them.
If we put them on a single directory, it conflicts due to the name.
I think /usr/share/selinux/packages is a hangover from when packaging
modules in RPMs was first being considered. The draft guidelines (which
are old but still relevant) suggest that mod_selinux is doing the right
thing.
http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules
Paul.
Bottom line, is you can install them anywhere you want, I don't care.
We were asked to allocate a directory for third parties to install their
packages if they so choose. Personally I always thought they should go
into directories owned by the package
/usr/share/mod_selinux/MLS and /usr/share/mod_selinux/targeted for example.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
