Hello Neil, > > > Yep, I'm generating them on compile time in my packages and storing them > > > in an auxillary file. shipping another 1k file with the package felt > > > nicer to me than computing it on install time. > > > > That's fine as long as the dependencies don't change due to local > > modifications.
> How would that method cope with a cross-build? Emdebian has already > built some selinux packages from the Debian sources for a rootfs and We're talking about policy package dependencies, not about debian package dependencies. These dependencies mean that the foobar.pp policy package can't be installed unless quux.pp is also installed. If you want to change that for Emdebian, you'll be building a different policy, and then you can just include a different dependency file with that policy. Now refpolicy is already very tight on permissions; I don't think you'll really want to further narrow down permissions for Emdebian (though you e.g. could put perl into a separate domain and then prevent some domains from executing perl... right now, any process that can run /usr/bin/less can also run /usr/bin/perl) best regards, Erich Schubert -- erich@(vitavonni.de|debian.org) -- GPG Key ID: 4B3A135C (o_ Reality continues to ruin my life --- Calvin //\ Mathematik: Das Alphabet, mit dessen Hilfe Gott das Universum V_/_ beschrieben hat. --- Galileo Galilei -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]