[Rpm-maint] [PATCH 04/12] Add new %policy section to the spec file format
Bill Nottingham
notting at redhat.com
Fri Oct 23 17:13:21 UTC 2009
Steve Lawrence (slawrence at tresys.com) said:
> After each %module directive can be zero or more options, specified in
> the same format as Preamble tags. The current options are:
>
> Base: Whether or not the module is a base module. Values can be
> yes/1 or no/0. Defaults to no/0 if not given.
>
> Name: The name of the module. If not given, we assume the name is
> the basename of the module file with file extensions removed
>
> Obsoletes: One or more space-separated strings specifying which modules
> are obsoleted by a module. Obsoleted modules are removed and
> the new modules are installed. An example of when this might
> be used is in policy renames. For example, if we renamed
> foo.pp to bar.pp, we would specify that bar obsoletes foo. If
> not specified, it is assumed the module obsoletes nothing.
>
> Types: One or more space-separated strings specifying which policy
> types the module can work with. To explicitly state that a module
> can work with any policy type, "default" can be specified as
> the value. If not specified, we assume the module can work with
> any policy type, and assign the types as "default".
How do you properly handle conflicts or requirements with various versions
of the base policy package?
> %policy
> %module policy/foo.pp
> Name: foo
> Types: mls
> Obsoletes: baz boo
> %module policy/bar.pp
> Name: bar
> Types: strict targeted mls
> Obsoletes: foo
> Base: yes
I'm assuming the whitespace is irrelevant here. If it's not, it
should be.
> RPMTAG_POILCYTYPES: RPMTAG_POLICYTYPESINDEXES:
> 0: mls 0: 0
> 1: strict 1: 1
> 2: targeted 2: 1
> 3: mls 3: 1
So, for every new policy type that gets created, RPM
would need patched and rebuilt to recognize it?
Bill
More information about the Rpm-maint
mailing list