[refpolicy] What is the best way to trim out modules, apps from refpolicy when building monolithic policy.

Christopher J. PeBenito cpebenito at tresys.com
Fri Jun 10 11:34:14 CDT 2011 

On 06/10/11 12:05, Dominick Grift wrote:
> Wnen you do "make config" it creates a modules.conf i believe. You can
> remove modules from that file and then those should not be built i
> believe.
> 
> You can also include a custom modules.conf in your package and replace
> that by the one that is generated before you actually compile the
> policy.

I suggest the above, rather than deleting files out of the tree.  This
is one of the reasons we have a modules.conf for the policy.  The 'make
conf' target will create a modules.conf if you don't have one.

> Fedora does this as well because it wants to use a different collection
> of modules depending on the policy model.
> 
> e.g. include this model is the model is targeted but exclude it if the
> model is mls etc.
> 
> But you can also just remove the modules.
> 
> The eclipse-slide Selinux ide also gives the possibility to
> include/exclude modules in the project properties.
> 
> On Fri, 2011-06-10 at 08:56 -0700, Sam Gandhi wrote:
>> Hello,
>>
>> I want try and build monolithic policy based on the reference policy
>> available via  refpolicy.git (git clone
>> http://oss.tresys.com/git/refpolicy.git)
>>
>> I have made changes to top level build.conf file to set MONOLITHIC = y.
>>
>> But I haven't yet come across way to trim out  apps/ and modules we
>> don't run on our device.
>>
>> Is there easy way to specify this or I should just removing files from
>> policy/modules/ & modules which I know don't run on our device
>> unwanted files?
>>
>> The target I am working with has only 64MB memory and 256MB flash.
>>
>> -Sam
>> _______________________________________________
>> refpolicy mailing list
>> refpolicy at oss.tresys.com
>> http://oss.tresys.com/mailman/listinfo/refpolicy
>>
>>
>> _______________________________________________
>> refpolicy mailing list
>> refpolicy at oss.tresys.com
>> http://oss.tresys.com/mailman/listinfo/refpolicy


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

More information about the refpolicy mailing list