Re: Semodule syntax is broken.

On 8/24/09 9:04 AM, "Daniel J Walsh" <dwalsh@xxxxxxxxxx> wrote:

> On 08/21/2009 11:27 PM, Manoj Srivastava wrote:
>> On Fri, Aug 21 2009, Daniel J Walsh wrote:
>> 
>> 
>>> So proposal
>>> 
>>> semodule -r : No Change in default behaviour
>>> -F : Permanently removes policy package, leaving POLICY.exclude
>>>      flag in module store
>>> 
>>> semodule -u : Install if package not installed, upgrade otherwise
>>> semodule -f : Only upgrade modules that are currently installed
>>> semodule -i : No change.
>>> All will get a warning message if a module they are trying to
>>> install has a POLICY.exclude flag
>>>          -q : Shut up Warning messages
>>>          -F : Remove POLICY.exclude flag and install the package
>> 
>>         Sounds good to me.
>> 
>>         manoj
> After talking to Chris P, on IRC, I have rethought these changes.   He
> mentioned that they are looking into "disabling" modules.  So I think we
> should follow that line of thinking.
> 
> semodule -r (--remove) : No Change in default behaviour
> semodule -u (--upgrade): Install if package not installed, upgrade otherwise
> semodule -f (--freshen): Only upgrade modules that are currently installed
> semodule -i (--install): No change.
> semodule -q (--quiet): Shut up Warning messages
> semodule -d (--disable) : Disable policy module, Store policy module as
> POLICY.pp.disabled in /etc/selinux/TYPE/modules/active/modules
> semodule -e (--enable) : Rename POLICY.pp.disabled to POLICY.pp and rebuild
> 
> libsemanage would then not build policy modules that were disabled.  It would
> look for POLICY.pp.disabled when installing or upgrading modules and maintain
> the name.  --remove would remove both disabled, and enabled modules.  List
> would now list the disabled modules with a flag indicating they are disabled.
> 
I like this idea very much, as -u has always bothered me. So, this looks
good to me, though it's a bit odd to add features to semodule while at the
same time working to deprecate it in favor of everything going through
semanage.

Thanks,
Chad

