98455c552451133e1b62fd120b7ae7d921fa59d7 |
|
26-Mar-2012 |
Manoj Srivastava <srivasta@debian.org> |
sepolgen: fix detection of policy loads I am running into an issue with sepolgen. Debian ships more than one version of the refpolicy, a default one, and a MLS enabled one. So, the include files live in either /usr/share/selinux/{default,mls}/include sepolgen (in src/sepolgen/defaults.py) sets refpolicy_devel() to a single location -- and thus, only one version of the security policy may be supported. So, sepolgen-ifgen from policycoreutils can only work with one policy, which may not be the one installed on the target machine. Could this be made configurable, somehow? As far as I can see, sepolgen's python library does not offer any way to set the value. This change fixes that. Now you may set the path to look for development headers in /etc/selinux/sepolgen.conf, in the variable SELINUX_DEVEL_PATH. The builtin default will have it work on Debian and fedora machines out of the box. Signed-off-by: Laurent Bigonville bigon@debian.org Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/sepolgen/src/sepolgen/defaults.py
|