[refpolicy] What is the best way to trim out modules, apps from refpolicy when building monolithic policy.
samgandhi9 at gmail.com
Fri Jun 10 12:52:31 CDT 2011
On Fri, Jun 10, 2011 at 9:34 AM, Christopher J. PeBenito
<cpebenito at tresys.com> wrote:
> On 06/10/11 12:05, Dominick Grift wrote:
>> When you do "make config" it creates a modules.conf I believe. You can
>> remove modules from that file and then those should not be built i
>> You can also include a custom modules.conf in your package and replace
>> that by the one that is generated before you actually compile the
> I suggest the above, rather than deleting files out of the tree. This
> is one of the reasons we have a modules.conf for the policy. The 'make
> conf' target will create a modules.conf if you don't have one.
I have created the modules.conf and things are progressing. What I am
finding is that, say I enable module ssh, now it wants me to enable the mail
Now, is it considered the right thing to do to go ahead and just edit the ssh.if
file and take out mta_getattr_spool($1_t), or is there a better way to
untangle the interdependency between the modules?
Should I introduce a boolean variable in policy/booleans.conf and make
it tunable_policy('platform_has_mail', .. and send out the change for
diff in case someone else might be interested?
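
An added example, not part of the original thread or of refpolicy itself: a small Python check that reads a modules.conf and reports where an enabled module calls an interface defined by a module set to off, which is the ssh/mta situation described in the message above. The sample modules.conf and policy snippets are constructed, the function names are hypothetical, and the scan does not look at whether a call sits inside optional_policy.

```python
import re

# Constructed sample inputs (not copied from the refpolicy tree).
MODULES_CONF = "# constructed sample\nssh = base\nmta = off\n"
SOURCES = {  # module name -> concatenated .if/.te text (constructed)
    "ssh": "template(`ssh_server_template',`\n\tmta_getattr_spool($1_t)\n')\n",
    "mta": "interface(`mta_getattr_spool',`\n\tgen_require(`type x_t;')\n')\n",
}

# Interface/template definitions as written in .if files.
DEF_RE = re.compile(r"^\s*(?:interface|template)\(`(\w+)'", re.M)
# Any macro-style call: a name immediately followed by "(".
CALL_RE = re.compile(r"\b(\w+)\(")

def parse_modules_conf(text):
    """Return {module: state} from 'name = base|module|off' lines."""
    states = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if "=" in line:
            name, state = (part.strip() for part in line.split("=", 1))
            states[name] = state
    return states

def cross_module_calls(conf_text, sources):
    """List (caller, line_no, interface, owner) for calls into 'off' modules."""
    states = parse_modules_conf(conf_text)
    owner_of = {}  # interface name -> disabled module that defines it
    for mod, src in sources.items():
        if states.get(mod) == "off":
            for name in DEF_RE.findall(src):
                owner_of[name] = mod
    hits = []
    for mod, src in sources.items():
        if states.get(mod, "off") == "off":
            continue  # only scan modules that will be built
        for no, line in enumerate(src.splitlines(), 1):
            for name in CALL_RE.findall(line):
                if name in owner_of:
                    hits.append((mod, no, name, owner_of[name]))
    return hits

if __name__ == "__main__":
    for caller, no, iface, owner in cross_module_calls(MODULES_CONF, SOURCES):
        print(f"{caller}:{no}: calls {iface}() from disabled module {owner}")
```
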