|Main Archive Page > Month Archives > gentoo-hardened archives|
On Mon, Nov 07, 2011 at 06:52:40PM -0700, Stan Sander wrote:
> I've started poking around in the refpolicy source to help me learn
> about the correct policy module style by looking at other examples.
> I've noticed that there are modules that get unpacked from the
> selinux-base-policy ebuild (doing just the prepare step as in the Gentoo
> docs) that don't seem to have their own e-build. It's simple enough to
> build these if I need them directly from this source, but I was curious
> why some have e-builds and some don't. Is it just a simple matter of no
> one having stepped up yet and said here is an e-build for *foo*?
There are three possible reasons why you will not find an appropriate ebuild
for a specific SELinux policy:
- The module itself is part of the base policy and as such is included in
the selinux-base-policy build (not extract only). You can see which
modules are part of base by looking at the
selinux-base-policy/files/modules.conf file in the portage tree.
- The module itself is for a software package that is not in the Portage
- We forgot to create one ;-)
So by all means, if you think we need an ebuild for a specific policy
module, ask and I'll gladly add it to the tree.