FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Development

 
 
LinkBack Thread Tools
 
Old 04-16-2008, 01:13 AM
Manoj Srivastava
 
Default MCS/MLS status in Debian

Hi,

Plans for refpolicy.

I have been looking at what the tresys folks have done in
Ubuntu. They have the unconfined module in it's own package; and the
rest of the policy in others (they also have pulled out just cups
policy into a package by itself, but I have figured out why cups was
selected for special treatment).

Unfortunately, I do not think they have offered a transition
path. Here is a tentative plan:

1. Create a package that has all packages that belong in Debian
standard distribution. All the modules in this package are in the
base.pp module. Make this package compile base module, but not load
it. This is the common/base/standard package.
2. Create a package that just has the unconfined module. Make this
package compile the unconfined module on installation, but not load
it. This package depends on the package created in step one.
3. Create a package that has the rest of the policy modules. This
package also depends on the package created in step one. In the long
term, when we create the preinst hook in dpkg, which should be fed
the name of all the packages which dpkg is going to install, then we
compile the corresponding modules, and we load them.

In the short term, we can create a script that, when run:
a) look at the installed packages, and compile policy modules that
corresponds to installed packages. Only non-base modules are
looked for, of course.
b) Given a list of package or policy module names, adds that to the
list of packages installed, and loads the policy modules
corresponding to the package/module names passed in on the
command line.
Call this script from the postinst, and let the user call it at
will. make any user interactions in this script happen via
debconf. This script can then eventually be called from the preinst
hook.


manoj
--
The older a man gets, the farther he had to walk to school as a boy.
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/~srivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 08:51 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org