[refpolicy] [PATCH] Change build.conf to default to modular policy builds

All of lore.kernel.org
 help / color / mirror / Atom feed

From: sds@tycho.nsa.gov (Stephen Smalley)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [PATCH] Change build.conf to default to modular policy builds
Date: Fri, 11 Feb 2011 16:07:08 -0500	[thread overview]
Message-ID: <1297458428.21036.36.camel@moss-pluto> (raw)

Change build.conf to default to modular policy builds rather than
monolithic policy builds.  Rationale: All modern Linux distributions
that incorporate SELinux support have switched to using modular policy,
and many of the policy tools (semodule, semanage, and even modern
versions of setsebool) only work if using modular policy.

Signed-off-by:  Stephen Smalley <sds@tycho.nsa.gov>

---

P.S.  Are there any other build.conf defaults that should be changed
(e.g. TYPE, UNK_PERMS, DIRECT_INITRC)?  What do Debian and Ubuntu use
for their default policy builds?  

 build.conf |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/build.conf b/build.conf
index d13e236..5a521c4 100644
--- a/build.conf
+++ b/build.conf
@@ -44,9 +44,9 @@ NAME = refpolicy
 # not work in conditional policy.
 DIRECT_INITRC = n

-# Build monolithic policy.  Putting n here
-# will build a loadable module policy.
-MONOLITHIC = y
+# Build monolithic policy.  Putting y here
+# will build a monolithic policy.
+MONOLITHIC = n

 # User-based access control (UBAC)
 # Enable UBAC for role separations.

-- 
Stephen Smalley
National Security Agency

next             reply	other threads:[~2011-02-11 21:07 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-02-11 21:07 Stephen Smalley [this message]
2011-02-16 13:55 ` [refpolicy] [PATCH] Change build.conf to default to modular policy builds Christopher J. PeBenito

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:d13e236 dfblob:5a521c4 )
 OR (
bs:"[refpolicy] [PATCH] Change build.conf to default to modular policy builds" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1297458428.21036.36.camel@moss-pluto \
    --to=sds@tycho.nsa.gov \
    --cc=refpolicy@oss.tresys.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.