From: sds@tycho.nsa.gov (Stephen Smalley)
Date: Fri, 11 Feb 2011 16:07:08 -0500
Subject: [refpolicy] [PATCH] Change build.conf to default to modular policy
	builds
Message-ID: <1297458428.21036.36.camel@moss-pluto>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Change build.conf to default to modular policy builds rather than
monolithic policy builds.  Rationale: All modern Linux distributions
that incorporate SELinux support have switched to using modular policy,
and many of the policy tools (semodule, semanage, and even modern
versions of setsebool) only work if using modular policy.

Signed-off-by:  Stephen Smalley <sds@tycho.nsa.gov>

---

P.S.  Are there any other build.conf defaults that should be changed
(e.g. TYPE, UNK_PERMS, DIRECT_INITRC)?  What do Debian and Ubuntu use
for their default policy builds?  

 build.conf |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/build.conf b/build.conf
index d13e236..5a521c4 100644
--- a/build.conf
+++ b/build.conf
@@ -44,9 +44,9 @@ NAME = refpolicy
 # not work in conditional policy.
 DIRECT_INITRC = n
 
-# Build monolithic policy.  Putting n here
-# will build a loadable module policy.
-MONOLITHIC = y
+# Build monolithic policy.  Putting y here
+# will build a monolithic policy.
+MONOLITHIC = n
 
 # User-based access control (UBAC)
 # Enable UBAC for role separations.



-- 
Stephen Smalley
National Security Agency