
Re: Sid SELinux packages are now working

Hello Neil,
> > > Yep, I'm generating them on compile time in my packages and storing them
> > > in an auxiliary file. Shipping another 1k file with the package felt
> > > nicer to me than computing it on install time.
> > 
> > That's fine as long as the dependencies don't change due to local 
> > modifications.

> How would that method cope with a cross-build? Emdebian has already
> built some selinux packages from the Debian sources for a rootfs and

We're talking about policy package dependencies, not about Debian
package dependencies. These dependencies mean that the foobar.pp policy
package can't be installed unless quux.pp is also installed.
If you want to change that for Emdebian, you'll be building a different
policy, and then you can just include a different dependency file with
that policy. Now refpolicy is already very tight on permissions; I don't
think you'll really want to further narrow down permissions for Emdebian
(though you e.g. could put perl into a separate domain and then prevent
some domains from executing perl... right now, any process that can
run /usr/bin/less can also run /usr/bin/perl).

best regards,
Erich Schubert
   erich@(vitavonni.de|debian.org)    --    GPG Key ID: 4B3A135C    (o_
            Reality continues to ruin my life --- Calvin            //\
   Mathematics: the alphabet with which God has described the       V_/_
                   universe. --- Galileo Galilei
