From: justinmattock@gmail.com (Justin P. Mattock)
Date: Fri, 19 Feb 2010 02:34:29 -0800
Subject: [refpolicy] Changing build.conf defaults?
In-Reply-To: <1266603950.11694.188.camel@gorn.columbia.tresys.com>
References: <1266602439.32011.88.camel@moss-pluto.epoch.ncsc.mil>
	<1266603950.11694.188.camel@gorn.columbia.tresys.com>
Message-ID: <1266575669.5199.10.camel@linux-dbym.site>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, 2010-02-19 at 13:25 -0500, Christopher J. PeBenito wrote:
> On Fri, 2010-02-19 at 13:00 -0500, Stephen Smalley wrote:
> > Hi,
> > 
> > I was wondering whether it would make sense to change the refpolicy
> > build.conf defaults to more closely reflect the actual settings in use
> > in modern distributions.  In particular, I was thinking that we are long
> > past the point where it makes sense to make MONOLITHIC=n the default
> > given that:
> > - all modern distros with SELinux use modular/managed policy, and
> > - semodule, semanage, and even setsebool -P will only work if using
> > modular/managed policy these days.
> > 
> > Changing the default would eliminate at least one case of common user
> > error when building from upstream refpolicy on a modern distribution.
> > 
> > Any objections to changing that default upstream?
> 
> I don't.  But I'll wait for a while before changing it to see if anyone
> objects.
> 


no objections here.
building a binary policy is easier
than monolithic(especially in a distro environment).
i.g. no need for the source to add user/login
just semanage.

Justin P. Mattock