[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Sid SELinux packages are now working

On Wed, May 09, 2007 at 02:34:18AM +0200, Erich Schubert wrote:

> I don't think this is a good idea. If I have (for whatever reason) to
> modify a policy module, I'd like to be able to bump the version number a
> bit to avoid it from being updated. Like bumping it to 2.x; it will be
> some time until refpolicy uses 2.x version numbers and by then the
> policy module will be worthless anyway.
> That way, if we'd e.g. have to do a security update for the policy
> package, this customized module wouldn't be updated.

Well, I don't know much about SElinux (yet) but how about storing the
modified module at a different location (say under
/var/selinux/local-policy)? That way the update script can be taught to
simply ignore the shipped module if a customized module with the same
name exists, and use your customized version instead. No need to play
with version numbers, no need to check if the file was changed.


     MTA SZTAKI Computer and Automation Research Institute
                Hungarian Academy of Sciences

Reply to: