On Wed, 2010-05-19 at 06:21 -0700, Justin P. Mattock wrote: > On 05/19/2010 03:04 AM, Shaz wrote: > >> It's very true that both SELInux policy and policy store are > >> arch-independent. It takes about 70 minutes to build the policy store from > >> scratch on my embedded target, but I could copy and use the host policy > >> store on the target, only that it will take 20 minutes each time to change > >> SELinux attribute on the fly by the semanage tool, so I think I'd better > >> save all the trouble by committing the changes to SELInux source code on the > >> host instead. > > > > Sounds interesting. Let me try it too. > > > > > yep.. I built a policy on x86_64 > then copied it to all my other machines(i586) > (no problem), but things like libselinux > will probably be a different story. Well, yes, because libselinux is executable code. policy is just data. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
