On 06/02/2009 08:05 AM, Paul Howarth wrote:
Well not sure what the differences are between the two policies, but maybe we should consider a mechanism for installing one policy and having it turn on different componants depending on the type.KaiGai Kohei wrote:Daniel J Walsh wrote:On 06/01/2009 07:44 PM, KaiGai Kohei wrote:In the latest selinux-policy package, I could find an empty directory at /usr/share/selinux/packages . What is the purpose? Is it intended to store policy packages installed by other RPMs (such as mod_selinux)? Thanks,Yes the idea was to provide a location for third parties to put their PP files.Hmm... Now, I provide two types of policy packages (targeted and mls). Do you have any guideline to deploy these files? For example, the mod_selinux installs its policy modules at: /usr/share/selinux/targeted/mod_selinux.pp and /usr/share/selinux/mls/mod_selinux.pp
Most policy packages would work on all types of policy, so installing in a policy type specific directory does not make sense for them.
Bottom line, is you can install them anywhere you want, I don't care. We were asked to allocate a directory for third parties to install their packages if they so choose. Personally I always thought they should go into directories owned by the packageIf we put them on a single directory, it conflicts due to the name.I think /usr/share/selinux/packages is a hangover from when packaging modules in RPMs was first being considered. The draft guidelines (which are old but still relevant) suggest that mod_selinux is doing the right thing. http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules Paul.
/usr/share/mod_selinux/MLS and /usr/share/mod_selinux/targeted for example.
-- fedora-selinux-list mailing list fedora-selinux-list redhat com https://www.redhat.com/mailman/listinfo/fedora-selinux-list