* [refpolicy] [PATCH] Change build.conf to default to modular policy builds
@ 2011-02-11 21:07 Stephen Smalley
2011-02-16 13:55 ` Christopher J. PeBenito
0 siblings, 1 reply; 2+ messages in thread
From: Stephen Smalley @ 2011-02-11 21:07 UTC (permalink / raw)
To: refpolicy
Change build.conf to default to modular policy builds rather than
monolithic policy builds. Rationale: All modern Linux distributions
that incorporate SELinux support have switched to using modular policy,
and many of the policy tools (semodule, semanage, and even modern
versions of setsebool) only work if using modular policy.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
P.S. Are there any other build.conf defaults that should be changed
(e.g. TYPE, UNK_PERMS, DIRECT_INITRC)? What do Debian and Ubuntu use
for their default policy builds?
build.conf | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/build.conf b/build.conf
index d13e236..5a521c4 100644
--- a/build.conf
+++ b/build.conf
@@ -44,9 +44,9 @@ NAME = refpolicy
# not work in conditional policy.
DIRECT_INITRC = n
-# Build monolithic policy. Putting n here
-# will build a loadable module policy.
-MONOLITHIC = y
+# Build monolithic policy. Putting y here
+# will build a monolithic policy.
+MONOLITHIC = n
# User-based access control (UBAC)
# Enable UBAC for role separations.
--
Stephen Smalley
National Security Agency
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [refpolicy] [PATCH] Change build.conf to default to modular policy builds
2011-02-11 21:07 [refpolicy] [PATCH] Change build.conf to default to modular policy builds Stephen Smalley
@ 2011-02-16 13:55 ` Christopher J. PeBenito
0 siblings, 0 replies; 2+ messages in thread
From: Christopher J. PeBenito @ 2011-02-16 13:55 UTC (permalink / raw)
To: refpolicy
On 02/11/11 16:07, Stephen Smalley wrote:
> Change build.conf to default to modular policy builds rather than
> monolithic policy builds. Rationale: All modern Linux distributions
> that incorporate SELinux support have switched to using modular policy,
> and many of the policy tools (semodule, semanage, and even modern
> versions of setsebool) only work if using modular policy.
>
> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Merged.
> ---
>
> P.S. Are there any other build.conf defaults that should be changed
> (e.g. TYPE, UNK_PERMS, DIRECT_INITRC)? What do Debian and Ubuntu use
> for their default policy builds?
>
> build.conf | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/build.conf b/build.conf
> index d13e236..5a521c4 100644
> --- a/build.conf
> +++ b/build.conf
> @@ -44,9 +44,9 @@ NAME = refpolicy
> # not work in conditional policy.
> DIRECT_INITRC = n
>
> -# Build monolithic policy. Putting n here
> -# will build a loadable module policy.
> -MONOLITHIC = y
> +# Build monolithic policy. Putting y here
> +# will build a monolithic policy.
> +MONOLITHIC = n
>
> # User-based access control (UBAC)
> # Enable UBAC for role separations.
>
>
>
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2011-02-16 13:55 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-02-11 21:07 [refpolicy] [PATCH] Change build.conf to default to modular policy builds Stephen Smalley
2011-02-16 13:55 ` Christopher J. PeBenito
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.