On Wed, 2009-07-01 at 09:18 -0400, Stephen Smalley wrote:
On Tue, 2009-06-30 at 21:46 -0400, Eric Paris wrote:
> On Tue, 2009-06-30 at 17:28 -0400, Daniel J Walsh wrote:
>
> > Right I think you would need to build on F9 for support on F11 not the
> > other way around. Just like you would do with shared libraries. You
> > would not expect a C executable built on F11 to run on F9?
>
> I think he wants a single code base which can be built on F9 or F11. I
> might not expect that C to run, but I'd expect the same source could be
> compiled on either.
>
> We aren't providing enough information for his policy to know which
> interface it should be using, not sure how to solve the problem, but
> obviously Rob wants a way to use the new interface if it is there and to
> use the old interface if it is not.....
In the case of the ltp selinux test policy, which has a similar
challenge with changing refpolicy interfaces (as well as kernel changes,
e.g. introduction and enabling of open perm), I finally had to just fork
a copy of the test policy in a subdirectory for RHEL5, while continuing
to track the latest Fedora in the main directory. The Makefile then
selects what policy to build automatically.

I do however enable the main copy of the test policy to build on
multiple Fedora releases through use of ifdefs, a la:

# If the base policy defines userdom_search_generic_user_home_dirs
# then no action required; else define it to
# userdom_search_user_home_dirs.
ifdef(`userdom_search_generic_user_home_dirs', `', ` dnl
interface(`userdom_search_generic_user_home_dirs', `
userdom_search_user_home_dirs($1)
')
')
--
Stephen Smalley
National Security Agency