Re: [gentoo-hardened] refpolicy and Gentoo ebuilds

On Mon, Nov 07, 2011 at 06:52:40PM -0700, Stan Sander wrote:
> I've started poking around in the refpolicy source to help me learn
> about the correct policy module style by looking at other examples.
> I've noticed that there are modules that get unpacked from the
> selinux-base-policy ebuild (doing just the prepare step as in the Gentoo
> docs) that don't seem to have their own e-build. It's simple enough to
> build these if I need them directly from this source, but I was curious
> why some have e-builds and some don't. Is it just a simple matter of no
> one having stepped up yet and said here is an e-build for *foo*?

Hi Stan,

There are three possible reasons why you will not find an appropriate ebuild
for a specific SELinux policy:

- The module itself is part of the base policy and as such is included in
  the selinux-base-policy build (not extract only). You can see which
  modules are part of base by looking at the
  selinux-base-policy/files/modules.conf file in the portage tree.

- The module itself is for a software package that is not in the Portage
  tree (yet)

- We forgot to create one ;-)

So by all means, if you think we need an ebuild for a specific policy
module, ask and I'll gladly add it to the tree.

Wkr,
        Sven Vermeulen

• This message: [ Message body ]
• Next message: Francisco Blas Izquierdo Riera (klondike): "Re: [gentoo-hardened] Grsec X11 Rbac Selinux Priviledged/Raw I/O Mprotect Firefox"
• Previous message: Stan Sander: "[gentoo-hardened] refpolicy and Gentoo ebuilds"
• In reply to: Stan Sander: "[gentoo-hardened] refpolicy and Gentoo ebuilds"
• Next in thread: Stan Sander: "Re: [gentoo-hardened] refpolicy and Gentoo ebuilds"
• Reply: Stan Sander: "Re: [gentoo-hardened] refpolicy and Gentoo ebuilds"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]