Laurent Jacquot wrote:
Hello,
I can no longer build my custom selinux policy with recent upgrades (SE
policy source replaced with SE policy).
What is the new way (used to be make reload)?
tx in advance
jk
You need to use loadable modules. Take a look a the man page for
audit2allow, for some explanation. I don't know if we have a good
description available yet for loadable policy.
The hardest part of converting your local.te into a loadable module will
be writing the require section.
You need to define all types, class and roles in this section in order
to get the loadable module.
==================================================================================
module local 1.0;
require {
role system_r;
class fifo_file { getattr ioctl };
type cupsd_config_t;
type unconfined_t;
};
allow cupsd_config_t unconfined_t:fifo_file { getattr ioctl };
==================================================================================
--
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
