I propose to split all CIL packages (not necessarily corresponding 1-1 to Debian packages) into two categories:
1. base policies; 2. additional modules. Installation of a base policy would create /etc/selinux/<POLICY> dir. Installation of additional modules would not create this dir. Each additional modules can be activated individually using symlinks in /etc Sometimes one additional module may be compatible with several base policies. It is possible to restrict installation of additional modules only when a compatible base policy is installed. However this does not warrant that a module is active only when a compatible base policy is active. The simplest way to resolve this issue is to put the burden to activate only compatible additional modules on the system administrator. Any other ideas? -- Victor Porton - http://portonvictor.org _______________________________________________ SELinux-devel mailing list SELinux-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/selinux-devel