SELinux Module Packaging in FC5

Paul Howarth paul at city-fan.org
Thu May 18 12:39:50 UTC 2006


Paul Howarth wrote:
> Stephen Smalley wrote:
>> On Tue, 2006-05-16 at 17:33 +0100, Paul Howarth wrote:
>>> It contains a policy module, but the module only includes file contexts.
>>
>> Clarification:  it is a policy package (.pp), but the policy package
>> only includes file contexts.  The module itself is just the .mod file
>> created by checkmodule; it never includes file contexts.
> 
> Ah, right, thanks for the clarification.
> 
>> If this is going to be common, then semodule_package and libsemanage
>> need to allow for policy packages that have no policy module.

Is the absence of a policy module the actual cause of this error? If so, 
would having a "dummy" policy module that was effectively a no-op (e.g. 
by including an allow rule that was already in the base policy) be a 
usable workaround?

Should this be bugzilla-ed?

Paul.




More information about the fedora-selinux-list mailing list