It seems to me that it's a bad idea to only have one interface_info file given that everyone supports at least two different policies (MLS and non-MLS).

For Debian I'm thinking of using /var/lib/sepolgen/$SELINUXTYPE.interface_info and having sepolgen-ifgen, audit2allow, and any other tools which use it default to the current version of $SELINUXTYPE from /etc/selinux/config. sepolgen-ifgen would also use /usr/share/selinux/$SELINUXTYPE/include/ .

Is there any good reason for not doing it this way?

--
russell@xxxxxxxxxxxx
http://etbe.coker.com.au/ My Main Blog
http://doc.coker.com.au/ My Documents Blog
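
One way a tool could derive the per-policy paths proposed in the message above, as an added example (not code from sepolgen or from the original message). The function names and the optional config-path argument are hypothetical, and restricting the policy type to letters, digits, `_` and `-` is an assumption made here so that the value read from the config file cannot change the directory the paths point into.

```shell
#!/bin/sh
# Added example: resolve per-policy sepolgen paths from SELINUXTYPE.
# Function names and the config-path argument are hypothetical.

# Print the SELINUXTYPE value from a config file
# (default: /etc/selinux/config).
# - commented-out assignments are ignored
# - the last active assignment wins
# - trailing whitespace and trailing comments are dropped
# - the value must match [A-Za-z0-9_-]+ (assumed rule), so "/" or ".."
#   can never reach the paths built from it
selinux_type() {
    cfg=${1:-/etc/selinux/config}
    [ -r "$cfg" ] || return 1
    t=$(sed -n 's/^[[:space:]]*SELINUXTYPE[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$cfg" | tail -n 1)
    case $t in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    printf '%s\n' "$t"
}

# Per-policy interface_info file, as proposed in the message.
interface_info_path() {
    t=$(selinux_type "$1") || return 1
    printf '/var/lib/sepolgen/%s.interface_info\n' "$t"
}

# Per-policy interface header directory that sepolgen-ifgen would read.
policy_include_dir() {
    t=$(selinux_type "$1") || return 1
    printf '/usr/share/selinux/%s/include\n' "$t"
}
```

Both path functions fail with a non-zero status when the config file is unreadable, has no active SELINUXTYPE line, or carries a value outside the allowed character set, so a caller can refuse to proceed instead of reading or writing an unintended location.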