[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: Process for creating Fedora selinux-policy packages
- From: Stephen Smalley <sds tycho nsa gov>
- To: Daniel J Walsh <dwalsh redhat com>
- Cc: fedora-selinux-list redhat com, Karl MacMillan <kmacmillan mentalrootkit com>
- Subject: Re: Process for creating Fedora selinux-policy packages
- Date: Mon, 08 Jan 2007 15:48:56 -0500
On Mon, 2007-01-08 at 15:49 -0500, Daniel J Walsh wrote:
> Richard Fearn wrote:
> > Hello,
> >
> > Due to an SELinux bug I reported in August, I've been tyring to
> > understand the selinux-policy packages to see how they're built. I
> > understand the principle of taking the upstream refpolicy, modifying
> > it and building the Fedora-specific packages. However, I'm struggling
> > to see where the refpolicy is coming from.
> >
> > For example, as I write this, the latest FC6 selinux-policy package
> > pushed to the repositories is 2.4.6-1. According to the "sources" file
> > in CVS, this package is built using serefpolicy-2.4.6.tgz. If I get
> > serefpolicy-2.4.6.tgz from the lookaside repository then the VERSION
> > file in it says 20061018. However, the contents of
> > serefpolicy-2.4.6.tgz differ a great deal from the "official" 20061018
> > version of the reference policy from Tresys.
> >
> > I could understand it if the Fedora selinux-policy packages were
> > directly based on the 20061018 version of the refpolicy from Tresys,
> > but there seems to be an intermediate stage of development that
> > produces the serefpolicy-2.x.x.tgz files in the lookaside repository.
> >
> > My question is: is there a CVS repository somewhere for a "Fedora
> > reference policy", that is used to build all these serefpolicy files?
> >
> The numbering is being done by me. I am just taking CVS dumps off of
> tresys policy and applying patches. When I update to the latest policy
> from Tresys. I build my own policy tarball off of the current cvs/svn
> version and apply my patch. Treysys at some later time releases a
> version with the date you have. So it is difficult to match up my
> release with what tresys is releasing.
Hmmm...possibly you could save the svn revision number from their svn
tree, either as a file in the tarball or as part of the package version
or release number, so that one could easily find the specific svn
revision it matches?
--
Stephen Smalley
National Security Agency
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]