New version of refpolicy headed towards incoming
With this version of the (surprisingly lintian clean) reference
policy uploaded, all the SELinux packages, apart from setools, are now
at the latest released versions (in Sid, that is). I have not yet
packaged SVN HEAD for these packages, since I'd like to lurk for a bit
on the selinux mailing lists before I package them.
I am also toying with the idea of breaking out the reference
policy packages into smaller chunks; so that we have a base policy
(which is all that would be in standard); and rest can be broken out
into smaller chunks (at one extreme is having a per package
granularity, so apache policy would be one package, postfix policy
another, and one may make use of the Enhances relationship :-)
The ideal solution would lie somewhere in between one giant
targeted/strict policy and each module in a separate package. Figuring
out which set of modules to carve out into a Debian package is going to
be an interesting challenge.
In the meanwhile, I have added a few Debian specific bug fixes
to the reference policy; I'll look at SVN head and see if they need to
be pushed upstream. In the meanwhile, please do send in AVC denial
logs for the new policy in bug reports, we need to start cleaning up
the reference policy now if we are to meet Lenny release deadlines.
If people have private versions of refpolicy with fixes, I would
appreciate it if you could diff your policy against the version
uploaded and send me the diffs.
Check it out, send me comments, and dance joyously in the streets, Linus
Torvalds announcing 2.0.27
Manoj Srivastava <email@example.com> <firstname.lastname@example.org>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C