From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Fri, 10 Jun 2011 12:34:14 -0400 Subject: [refpolicy] What is the best way to trim out modules, apps from refpolicy when building monolithic policy. In-Reply-To: <1307721943.2645.21.camel@localhost.localdomain> References: <1307721943.2645.21.camel@localhost.localdomain> Message-ID: <4DF24786.7000605@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 06/10/11 12:05, Dominick Grift wrote: > Wnen you do "make config" it creates a modules.conf i believe. You can > remove modules from that file and then those should not be built i > believe. > > You can also include a custom modules.conf in your package and replace > that by the one that is generated before you actually compile the > policy. I suggest the above, rather than deleting files out of the tree. This is one of the reasons we have a modules.conf for the policy. The 'make conf' target will create a modules.conf if you don't have one. > Fedora does this as well because it wants to use a different collection > of modules depending on the policy model. > > e.g. include this model is the model is targeted but exclude it if the > model is mls etc. > > But you can also just remove the modules. > > The eclipse-slide Selinux ide also gives the possibility to > include/exclude modules in the project properties. > > On Fri, 2011-06-10 at 08:56 -0700, Sam Gandhi wrote: >> Hello, >> >> I want try and build monolithic policy based on the reference policy >> available via refpolicy.git (git clone >> http://oss.tresys.com/git/refpolicy.git) >> >> I have made changes to top level build.conf file to set MONOLITHIC = y. >> >> But I haven't yet come across way to trim out apps/ and modules we >> don't run on our device. >> >> Is there easy way to specify this or I should just removing files from >> policy/modules/ & modules which I know don't run on our device >> unwanted files? >> >> The target I am working with has only 64MB memory and 256MB flash. >> >> -Sam >> _______________________________________________ >> refpolicy mailing list >> refpolicy at oss.tresys.com >> http://oss.tresys.com/mailman/listinfo/refpolicy >> >> >> _______________________________________________ >> refpolicy mailing list >> refpolicy at oss.tresys.com >> http://oss.tresys.com/mailman/listinfo/refpolicy -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com