On Wed, May 09, 2007 at 02:34:18AM +0200, Erich Schubert wrote:
> I don't think this is a good idea. If I have (for whatever reason) to
> modify a policy module, I'd like to be able to bump the version number a
> bit to avoid it from being updated. Like bumping it to 2.x; it will be
> some time until refpolicy uses 2.x version numbers and by then the
> policy module will be worthless anyway.
> That way, if we'd e.g. have to do a security update for the policy
> package, this customized module wouldn't be updated.

Well, I don't know much about SELinux (yet), but how about storing the modified module at a different location (say under /var/selinux/local-policy)? That way the update script can be taught to simply ignore the shipped module if a customized module with the same name exists, and use your customized version instead. No need to play with version numbers, no need to check if the file was changed.

Gabor

-- 
MTA SZTAKI Computer and Automation Research Institute
Hungarian Academy of Sciences
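
The override lookup proposed in the reply above, sketched as an added example that is not part of the original thread or of any Debian packaging script. The function names and the two directory arguments are hypothetical; it assumes modules are `.pp` files matched by name, and it also reports which shipped modules are shadowed, since those are the ones a security update of the policy package would no longer reach.

```shell
#!/bin/sh
# Added example. Directory layout is an assumption: the post only suggests
# /var/selinux/local-policy as a possible place for customized modules.

# resolve_modules SHIPPED_DIR LOCAL_DIR
# Prints one "<source> <path>" line per module the update script would load:
#   shipped         packaged module, no customized copy exists
#   local-override  customized copy shadows a packaged module of the same name
#   local-only      customized module with no packaged counterpart
resolve_modules() {
    shipped_dir=$1
    local_dir=$2
    for f in "$shipped_dir"/*.pp; do
        [ -f "$f" ] || continue          # unmatched glob or missing directory
        name=$(basename "$f")
        if [ -f "$local_dir/$name" ]; then
            echo "local-override $local_dir/$name"
        else
            echo "shipped $f"
        fi
    done
    for f in "$local_dir"/*.pp; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        [ -f "$shipped_dir/$name" ] || echo "local-only $f"
    done
}

# overridden_modules SHIPPED_DIR LOCAL_DIR
# Prints the names of packaged modules that a customized copy shadows, so an
# administrator can review them whenever the policy package is updated.
overridden_modules() {
    resolve_modules "$1" "$2" | while read -r src file; do
        if [ "$src" = "local-override" ]; then
            basename "$file" .pp
        fi
    done
}

# Stand-alone use: script.sh SHIPPED_DIR LOCAL_DIR
if [ "$#" -eq 2 ]; then
    resolve_modules "$1" "$2"
    echo "Shadowed packaged modules:" >&2
    overridden_modules "$1" "$2" >&2
fi
```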