package/{refpolicy,libsepol}: move policy version selection from refpolicy to libsepol
Currently, a user sets a policy version via the refpolicy package.
Having the option here has a few disadvantages:
- The Refpolicy package is not technically needed to use SELinux.
- When building a modular policy, Refpolicy will ignore the version string
and build the highest version possible which will cause libsemanage to
possibly fail when loading the policy.
Specifying a manual policy version in /etc/selinux/semanage.conf
forces libsemanage to load a specific policy version, which fixes the
above issue. However, because refpolicy currently defines the policy
version, libsemanage does not have a way to determine the policy
version, as refpolicy is not a dependency of libsemanage.
To work around these limitations, move the policy version number
selection to libsepol, as a system using SELinux always requires this
library.
Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
projects / buildroot.git / commit