From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 16 Feb 2011 08:55:55 -0500
Subject: [refpolicy] [PATCH] Change build.conf to default to modular
 policy builds
In-Reply-To: <1297458428.21036.36.camel@moss-pluto>
References: <1297458428.21036.36.camel@moss-pluto>
Message-ID: <4D5BD76B.40707@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 02/11/11 16:07, Stephen Smalley wrote:
> Change build.conf to default to modular policy builds rather than
> monolithic policy builds.  Rationale: All modern Linux distributions
> that incorporate SELinux support have switched to using modular policy,
> and many of the policy tools (semodule, semanage, and even modern
> versions of setsebool) only work if using modular policy.
> 
> Signed-off-by:  Stephen Smalley <sds@tycho.nsa.gov>

Merged.

> ---
> 
> P.S.  Are there any other build.conf defaults that should be changed
> (e.g. TYPE, UNK_PERMS, DIRECT_INITRC)?  What do Debian and Ubuntu use
> for their default policy builds?  
> 
>  build.conf |    6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/build.conf b/build.conf
> index d13e236..5a521c4 100644
> --- a/build.conf
> +++ b/build.conf
> @@ -44,9 +44,9 @@ NAME = refpolicy
>  # not work in conditional policy.
>  DIRECT_INITRC = n
>  
> -# Build monolithic policy.  Putting n here
> -# will build a loadable module policy.
> -MONOLITHIC = y
> +# Build monolithic policy.  Putting y here
> +# will build a monolithic policy.
> +MONOLITHIC = n
>  
>  # User-based access control (UBAC)
>  # Enable UBAC for role separations.
> 
> 
> 


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com