selinux: Re: [PATCH 03/13] libsemanage: move the module store to

Re: [PATCH 03/13] libsemanage: move the module store to /var/lib/selinux

From: Stephen Smalley <sds_at_nospam>
Date: Fri Jan 08 2010 - 15:19:12 GMT

On Fri, 2010-01-08 at 09:50 -0500, James Carter wrote:
> On Fri, 2010-01-08 at 09:28 -0500, Stephen Smalley wrote:
> > On Wed, 2009-12-23 at 18:25 -0500, Caleb Case wrote:
> > > This patch moves the module store from /etc/selinux/<store>/modules to
> > > /var/lib/selinux/<store>.
> >
> > Can the path prefix (i.e. /var/lib/selinux) be made configurable?
> >
> There would be no other prefixes other than /var/lib/selinux
> or /etc/selinux, or do you have something else in mind?
> I guess that you are thinking of backwards compatibility, but you still
> won't have it even if you change the prefix because the directory
> structure is different (priority directories and such). I don't see
> what you would gain with changing the prefix.

I just dislike the notion that to change the location one would have to recompile the library. Even worse, one would have to modify the sources versus just altering a -D flag in the Makefile specifying the path prefix. We already have one such case in libsemanage with a FIXME comment next to it; I didn't want to extend the set of such cases. -- Stephen Smalley National Security Agency