On 16/04/17 14:31, Jason Zaman wrote:
> On Thu, Apr 13, 2017 at 12:02:24PM +0100, Robert Sharp wrote:
>> Is there a difference between policies that appear to be in core but
>> also have their own ebuilds? For example: selinux-ddclient versus
>> policy/modules/contrib/dnsmasq.* and selinux-ddclient versus
>> policy/modules/contrib/ddclient. I need to change both but when I tried
>> to change dnsmasq it started complaining bitterly about binding to
>> random ports, which is what dnsmasq does.
>
> Not sure I follow exactly what you're asking but lemme give a quick
> overview and see if it helps.
>
> Just because these things are not sec-policy/selinux-base{,-policy}
> doesn't mean they all come from the /contrib/ dir inside the repo, there
> are several things that are outside; that's not a requirement or
> anything. e.g.: selinux-xserver's files are from
> services/xserver.{te,if,fc}
>
> Hope this makes some of the magic a little clearer,
> -- Jason

Thanks for your explanation. I think I understand. The git repository
contains all of the files and the ebuilds pull in different modules? So
if I want to change dnsmasq (so that it can talk to unbound on 553) I
can just copy the .te/.if/.fc files from the git repository and change
them (I have already defined the port in a cil file)?

I just tested this by making the dnsmasq module locally and comparing it
to the /usr/share/selinux/strict one and it is the same. So now I can be
confident that any changes I make will be the sole source of any
problems that might follow!

Fingers crossed and many thanks again for explaining that.

Robert