[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Sid SELinux packages are now working

On Mon, 21 May 2007 14:56:49 +0200
Erich Schubert <erich@debian.org> wrote:

> Hello Neil,
> > > > Yep, I'm generating them on compile time in my packages and storing them
> > > > in an auxillary file. shipping another 1k file with the package felt
> > > > nicer to me than computing it on install time.
> > > 
> > > That's fine as long as the dependencies don't change due to local 
> > > modifications.
> > How would that method cope with a cross-build? Emdebian has already
> > built some selinux packages from the Debian sources for a rootfs and
> We're talking about policy package dependencies, not about debian
> package dependencies.

Oops. Sorry.

> These dependencies mean that the foobar.pp policy
> package can't be installed unless quux.pp is also installed.
> If you want to change that for Emdebian, you'll be building a different
> policy, and then you can just include a different dependency file with
> that policy. Now refpolicy is already very tight on permissions; I don't
> think you'll really want to further narrow down permissions for Emdebian
> (though you e.g. could put perl into a separate domain and then prevent
> some domains from executing perl... right now, any process that can
> run /usr/bin/less can also run /usr/bin/perl)

Thanks for the clarification.


Neil Williams

Attachment: pgpvzFsG9dZlt.pgp
Description: PGP signature

Reply to: