> In theory that would work since the policy is wrapped in a > optional_policy block. > Ah, right - something new I learned today then! > To be honest these modules (authlogin and locallogin) should not be in > base in the first place. > > I dont have them in base in my personal policy either: > > [root@localhost Desktop]$ semodule -l | grep authlogin > authlogin 2.2.0 > [root@localhost Desktop]$ semodule -l | grep locallogin > locallogin 1.10.0 > Yeah, but other modules (gdm for one, I think) is also 'base' and if you make locallogin as 'module' you will get that error too (I tried doing something like this this afternoon and soon realised that I will be in a world of hurt if I continue that path, so I prepared a separate module instead). > Stuffing everything in base just to work around some issue that should > be handled more appropriately is a bad idea in my opinion. > > If this patch does not work then not much else will work and policy is > fundamentally broken. > Hehe! I am sure you've tested it before sending this over. I'll do the same tomorrow and see how it goes. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
