On Wed, 9 May 2007 13:00:14 +0200, Gabor Gombas <[EMAIL PROTECTED]> said:
> Well, I don't know much about SElinux (yet) but how about storing the > modified module at a different location (say under > /var/selinux/local-policy)? That way the update script can be taught > to simply ignore the shipped module if a customized module with the > same name exists, and use your customized version instead. No need to > play with version numbers, no need to check if the file was changed. Sure. The problem is when your policy .deb is upgraded, and the postinst tries to refresh the installed policy (perhaps asking using debconf to ask you). At this point, I know how to look up the version of the policy module foo that is installed (and is also present in /etc/selinux/<policy-type>/modules/active/modules/foo.pp). But I do not know the version of /usr/share/selinux/<policy-type>/foo.pp. I can, of course, determine that these two files are different /etc/selinux/<policy-type>/modules/active/modules/foo.pp and /usr/share/selinux/<policy-type>/foo.pp -- but Ercih wants me to be version aware, and that is the problem. I am not sure I can see how we can easily change the location of the policy store ( /etc/selinux/<policy-type>/modules/active/modules), if you think the store location should be changed. manoj -- "If you are patient in one moment of anger, you will escape a hundred days of sorrow." -Chinese Proverb Manoj Srivastava <[EMAIL PROTECTED]> <http://www.debian.org/~srivasta/> 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]