Re: policycoreutils, sepolgen (sepolgen-ifgen) issues on Debian

On Fri, 2009-08-14 at 11:50 -0500, Manoj Srivastava wrote:
> On Fri, Aug 14 2009, Manoj Srivastava wrote:
> 
> >         I am running into an issue with sepolgen on Debian. Debian ships
> >  more than one  version of the refpolicy, a default one, and a
> >  MLS enabled one. So, the include files live in either
> >  /usr/share/selinux/{default,mls}/include
> >
> >         sepolgen (in src/sepolgen/defaults.py) sets refpolicy_devel() to
> >  a single location -- and thus, only one version of the security policy
> >  may be supported. So, sepolgen-ifgen from policycoreutils can only work
> >  with one policy, which may not be the one installed on the target
> >  machine. Could this be made configurable, somehow? As far as I can
> >  see, sepolgen's python library does not offer any way to set the value.
> >
> >         It would be nice if the location of the include directory could
> >  be looked for from a PATH like variable setting, to make it easier for
> >  distributions to ship more than one policy, or for end users to
> >  experiment with other policies without having to overwrite the single
> >  default. 
> 
>         Well, here is a kind of proof-of-concept patch (python is not my
>  strong suit), and I have only tested in that it allows the package to
>  compile, and the following code works:
[...]
>  def refpolicy_makefile():
> -    return refpolicy_devel() + "/Makefile"
> +    chooser = PathChoooser("/etc/selinux/sepolgen.conf")
> +    return chooser("Makefile")
>  
>  def headers():
> -    return refpolicy_devel() + "/include"
> -    
> +    chooser = PathChoooser("/etc/selinux/sepolgen.conf")
> +    return chooser("include")
> +
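
Review bot: the config path "/etc/selinux/sepolgen.conf" is hard-coded twice, once in refpolicy_makefile() and once in headers(), and each call builds a fresh chooser object. Hoist the path into a single module-level constant, or share one chooser instance, so the two lookups cannot drift apart. The class is spelled PathChoooser (three o's) at both call sites; if that is a typo it needs fixing at the definition too, which is elided here.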

Why are you making another config file rather than just get the policy
name from /etc/selinux/config via selinux_getpolicytype()?

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
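
The lookup suggested in the reply above, as an added example that is not part of the original thread or of sepolgen: it reads SELINUXTYPE from the text of /etc/selinux/config and derives the Makefile and include paths from it. The function names, the name-validation rule and the /usr/share/selinux/<type>/ layout (taken from the Debian paths quoted above) are assumptions; where libselinux is available, selinux_getpolicytype() would supply the policy name in place of the parser.

```python
import posixpath
import re

# Assumed layout, from the thread: /usr/share/selinux/<type>/{Makefile,include}
DEVEL_ROOT = "/usr/share/selinux"

# Assumption: a policy type is a single path component, so reject anything
# that could escape DEVEL_ROOT ("/", a leading ".", empty strings).
_VALID_TYPE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*")

# Constructed sample of /etc/selinux/config contents (not from a real host).
SAMPLE_CONFIG = """\
# This file controls the state of SELinux on the system.
SELINUX=enforcing
#SELINUXTYPE=default
SELINUXTYPE=mls
"""


def parse_policy_type(config_text):
    """Return the SELINUXTYPE value from config text, or None if unset."""
    policy_type = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out settings
        key, sep, value = line.partition("=")
        if sep and key.strip() == "SELINUXTYPE":
            policy_type = value.strip()  # this sketch keeps the last assignment
    return policy_type


def devel_paths(policy_type, root=DEVEL_ROOT):
    """Map a policy type to its development Makefile and header directory."""
    if not policy_type or not _VALID_TYPE.fullmatch(policy_type):
        raise ValueError("unusable SELINUXTYPE: %r" % (policy_type,))
    base = posixpath.join(root, policy_type)
    return {
        "makefile": posixpath.join(base, "Makefile"),
        "headers": posixpath.join(base, "include"),
    }


if __name__ == "__main__":
    print(devel_paths(parse_policy_type(SAMPLE_CONFIG)))
```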

