This patch moves the final files from inside
/var/lib/selinux/<store>/[active|previous|tmp] to
/var/lib/selinux/tmp/<store>. The move is done to facilitate using
source control management on the /var/lib/selinux/<store> directory. If
these files remain in /var/lib/selinux/<store> they will pose a size
problem if an SCM like git is used as we'd be storing lots of binary
diffs. We are suggesting making this change now, rather than later when
source policy, SCM, and CIL[1] support are available, to ease the
migration burden.
These are the files that have been moved:
/var/lib/selinux/<store>/active/... /var/lib/selinux/tmp/<store>/...
file_contexts contexts/files/file_contexts
file_contexts.homedirs contexts/files/file_contexts.homedirs
file_contexts.local contexts/files/file_contexts.local
netfilter_contexts contexts/netfilter_contexts
policy.kern policy/policy.<policyversion>
seusers.final seusers
The layout of these files in /var/lib/selinux/tmp/<store> is designed to
mirror their locations in /etc/selinux/<store>. This should help clarify
the relationship between these final files and the files installed in
etc.
One consequence of this move is that reverting to the previous policy
version requires a policy rebuild. Currently you can revert without
rebuilding.
[1] CIL RFC: http://marc.info/?l=selinux&m=124759244409438&w=2
Signed-off-by: Chad Sellers <csellers@tresys.com>