On 08/21/2009 11:27 PM, Manoj Srivastava wrote: > On Fri, Aug 21 2009, Daniel J Walsh wrote: > > >> So proposal >> >> semodule -r : No Change in default behaviour >> -F : Permanantly removes policy package, leaving POLICY.exclude >> flag in module store >> >> semodule -u : Install if package not installed, upgrade otherwise) >> semodule -f : Only upgrade modules that are currently installed) >> semodule -i : No change. >> All will get a warning message if a module they are trying to >> install has a POLICY.exclude flag >> -q : Shut up Warning messages >> -F : Remove POLICY.exclude flag and install the package > > Sounds good to me. > > manoj After talking to Chris P, on IRC, I have rethought these changes. He mentioned that they are looking into "disabling" modules. So I think we should follow that line of thinking. semodule -r (--remove) : No Change in default behaviour semodule -u (--upgrade): Install if package not installed, upgrade otherwise) semodule -f (--freshen): Only upgrade modules that are currently installed) semodule -i (--install): No change. semodule -q (--quier): Shut up Warning messages semodule -d (--disable) : Disable policy module, Store policy module as POLICY.pp.disabled in /etc/selinux/TYPE/modules/active/modules semodule -e (--enable) : Rename POLICY.pp.disabled to POLICY.pp and rebuild libsemanage would then not build policy modules that were disabled. It would look for POLICY.pp.disabled when installing or upgrading modules and maintain the name. --remove would remove both disabled, and enabled modules. List would now list the disabled modules with a flag indicating they are disabled. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
