FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo Hardened

 
 
LinkBack Thread Tools
 
Old 11-08-2011, 12:52 AM
Stan Sander
 
Default refpolicy and Gentoo ebuilds

I've started poking around in the refpolicy source to help me learn
about the correct policy module style by looking at other examples.
I've noticed that there are modules that get unpacked from the
selinux-base-policy ebuild (doing just the prepare step as in the Gentoo
docs) that don't seem to have their own e-build. It's simple enough to
build these if I need them directly from this source, but I was curious
why some have e-builds and some don't. Is it just a simple matter of no
one having stepped up yet and said here is an e-build for *foo*?

--
Stan & HD Tashi Grad 10/08 Edgewood, NM SWR
PR - Cindy and Jenny - Sammamish, WA NWR
http://www.cci.org
 
Old 11-08-2011, 04:57 PM
Sven Vermeulen
 
Default refpolicy and Gentoo ebuilds

On Mon, Nov 07, 2011 at 06:52:40PM -0700, Stan Sander wrote:
> I've started poking around in the refpolicy source to help me learn
> about the correct policy module style by looking at other examples.
> I've noticed that there are modules that get unpacked from the
> selinux-base-policy ebuild (doing just the prepare step as in the Gentoo
> docs) that don't seem to have their own e-build. It's simple enough to
> build these if I need them directly from this source, but I was curious
> why some have e-builds and some don't. Is it just a simple matter of no
> one having stepped up yet and said here is an e-build for *foo*?

Hi Stan,

There are three possible reasons why you will not find an appropriate ebuild
for a specific SELinux policy:

- The module itself is part of the base policy and as such is included in
the selinux-base-policy build (not extract only). You can see which
modules are part of base by looking at the
selinux-base-policy/files/modules.conf file in the portage tree.

- The module itself is for a software package that is not in the Portage
tree (yet)

- We forgot to create one ;-)

So by all means, if you think we need an ebuild for a specific policy
module, ask and I'll gladly add it to the tree.

Wkr,
Sven Vermeulen
 
Old 11-08-2011, 11:09 PM
Stan Sander
 
Default refpolicy and Gentoo ebuilds

I checked in the modules.conf and it is not included in the base and it
does have an ebuild in both the stable and ~arch portage trees. I'm
sure you would probably prefer me to open a bug on it, but the missing
selinux module is services/uwimap. If I understand (and I think I do at
this point) the way the .te file is written it should have a dependency
on services/inetd


On 11/08/2011 10:57 AM, Sven Vermeulen wrote:
> Hi Stan,
>
> There are three possible reasons why you will not find an appropriate ebuild
> for a specific SELinux policy:
>
> - The module itself is part of the base policy and as such is included in
> the selinux-base-policy build (not extract only). You can see which
> modules are part of base by looking at the
> selinux-base-policy/files/modules.conf file in the portage tree.
>
> - The module itself is for a software package that is not in the Portage
> tree (yet)
>
> - We forgot to create one ;-)
>
> So by all means, if you think we need an ebuild for a specific policy
> module, ask and I'll gladly add it to the tree.
>
> Wkr,
> Sven Vermeulen


--
Stan & HD Tashi Grad 10/08 Edgewood, NM SWR
PR - Cindy and Jenny - Sammamish, WA NWR
http://www.cci.org
 

Thread Tools




All times are GMT. The time now is 03:26 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org