On Mon, 21 May 2007 14:56:49 +0200 Erich Schubert <erich@debian.org> wrote: > Hello Neil, > > > > Yep, I'm generating them on compile time in my packages and storing them > > > > in an auxillary file. shipping another 1k file with the package felt > > > > nicer to me than computing it on install time. > > > > > > That's fine as long as the dependencies don't change due to local > > > modifications. > > > How would that method cope with a cross-build? Emdebian has already > > built some selinux packages from the Debian sources for a rootfs and > > We're talking about policy package dependencies, not about debian > package dependencies. Oops. Sorry. > These dependencies mean that the foobar.pp policy > package can't be installed unless quux.pp is also installed. > If you want to change that for Emdebian, you'll be building a different > policy, and then you can just include a different dependency file with > that policy. Now refpolicy is already very tight on permissions; I don't > think you'll really want to further narrow down permissions for Emdebian > (though you e.g. could put perl into a separate domain and then prevent > some domains from executing perl... right now, any process that can > run /usr/bin/less can also run /usr/bin/perl) Thanks for the clarification. -- Neil Williams ============= http://www.data-freedom.org/ http://www.nosoftwarepatents.com/ http://www.linux.codehelp.co.uk/
Attachment:
pgp5iWDJXiKLb.pgp
Description: PGP signature