From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 19 Feb 2010 13:25:50 -0500
Subject: [refpolicy] Changing build.conf defaults?
In-Reply-To: <1266602439.32011.88.camel@moss-pluto.epoch.ncsc.mil>
References: <1266602439.32011.88.camel@moss-pluto.epoch.ncsc.mil>
Message-ID: <1266603950.11694.188.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, 2010-02-19 at 13:00 -0500, Stephen Smalley wrote:
> Hi,
> 
> I was wondering whether it would make sense to change the refpolicy
> build.conf defaults to more closely reflect the actual settings in use
> in modern distributions.  In particular, I was thinking that we are long
> past the point where it makes sense to make MONOLITHIC=n the default
> given that:
> - all modern distros with SELinux use modular/managed policy, and
> - semodule, semanage, and even setsebool -P will only work if using
> modular/managed policy these days.
> 
> Changing the default would eliminate at least one case of common user
> error when building from upstream refpolicy on a modern distribution.
> 
> Any objections to changing that default upstream?

I don't.  But I'll wait for a while before changing it to see if anyone
objects.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150