2011-02-11 21:07:08

by Stephen Smalley

Subject: [refpolicy] [PATCH] Change build.conf to default to modular policy builds

Change build.conf to default to modular policy builds rather than
monolithic policy builds. Rationale: All modern Linux distributions
that incorporate SELinux support have switched to using modular policy,
and many of the policy tools (semodule, semanage, and even modern
versions of setsebool) only work if using modular policy.

Signed-off-by: Stephen Smalley <[email protected]>

---

P.S. Are there any other build.conf defaults that should be changed
(e.g. TYPE, UNK_PERMS, DIRECT_INITRC)? What do Debian and Ubuntu use
for their default policy builds?

build.conf | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/build.conf b/build.conf
index d13e236..5a521c4 100644
--- a/build.conf
+++ b/build.conf
@@ -44,9 +44,9 @@ NAME = refpolicy
# not work in conditional policy.
DIRECT_INITRC = n

-# Build monolithic policy. Putting n here
-# will build a loadable module policy.
-MONOLITHIC = y
+# Build monolithic policy. Putting y here
+# will build a monolithic policy.
+MONOLITHIC = n

# User-based access control (UBAC)
# Enable UBAC for role separations.
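
Review bot: The new comment above `MONOLITHIC = n` is tautological: "Build monolithic policy. Putting y here will build a monolithic policy" says the same thing twice and no longer tells the reader what the new default `n` produces. The removed wording was still accurate after flipping the value, so consider keeping it or naming both outcomes, for example "# Build monolithic policy. Putting n here will build a loadable module policy (the default)." Since the hunk flips the default build output, anyone who relied on an unmodified build.conf to get a monolithic policy now has to set `MONOLITHIC = y` explicitly, which is worth a sentence in the commit message.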



--
Stephen Smalley
National Security Agency


2011-02-16 13:55:55

by cpebenito

Subject: [refpolicy] [PATCH] Change build.conf to default to modular policy builds

On 02/11/11 16:07, Stephen Smalley wrote:
> Change build.conf to default to modular policy builds rather than
> monolithic policy builds. Rationale: All modern Linux distributions
> that incorporate SELinux support have switched to using modular policy,
> and many of the policy tools (semodule, semanage, and even modern
> versions of setsebool) only work if using modular policy.
>
> Signed-off-by: Stephen Smalley <[email protected]>

Merged.

> ---
>
> P.S. Are there any other build.conf defaults that should be changed
> (e.g. TYPE, UNK_PERMS, DIRECT_INITRC)? What do Debian and Ubuntu use
> for their default policy builds?
>
> build.conf | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/build.conf b/build.conf
> index d13e236..5a521c4 100644
> --- a/build.conf
> +++ b/build.conf
> @@ -44,9 +44,9 @@ NAME = refpolicy
> # not work in conditional policy.
> DIRECT_INITRC = n
>
> -# Build monolithic policy. Putting n here
> -# will build a loadable module policy.
> -MONOLITHIC = y
> +# Build monolithic policy. Putting y here
> +# will build a monolithic policy.
> +MONOLITHIC = n
>
> # User-based access control (UBAC)
> # Enable UBAC for role separations.
>
>
>


--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com