Re: custom selinux policy

Laurent Jacquot wrote:
Hello,
I can no longer build my custom selinux policy with recent upgrades (SE
policy source replaced with SE policy).
What is the new way (used to be make reload)?

tx in advance
	jk

You need to use loadable modules. Take a look at the man page for audit2allow for some explanation. I don't know if we have a good description available yet for loadable policy.

The hardest part of converting your local.te into a loadable module will be writing the require section. You need to define all types, classes and roles in this section in order to get the loadable module.
==================================================================================
      module local 1.0;

      require {
              role system_r;

              class fifo_file {  getattr ioctl };

              type cupsd_config_t;
              type unconfined_t;
       };

      allow cupsd_config_t unconfined_t:fifo_file { getattr ioctl };
==================================================================================

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
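
Added example, not part of the original message or of any SELinux tool: a Python sketch that derives the require section described above from the allow rules of an old local.te. The names `build_module` and `SAMPLE` are hypothetical. It assumes plain `allow` rules only, and that every source and target name is a type rather than an attribute.

```python
import re
from collections import defaultdict

# One allow rule: allow <source> <target>:<class> <perms>;
# Each field is a single name or a brace-enclosed set of names.
FIELD = r"(\{[^}]*\}|[\w$]+)"
RULE = re.compile(rf"^\s*allow\s+{FIELD}\s+{FIELD}\s*:\s*{FIELD}\s+{FIELD}\s*;", re.M)


def names(field):
    """Split 'a' or '{ a b }' into a list of names."""
    return field.strip("{} \t").split()


def build_module(name, version, rules_text):
    """Return module source: header, require block, then the original rules."""
    types = set()
    classes = defaultdict(set)
    rules = []
    for m in RULE.finditer(rules_text):
        src, tgt, cls, perms = (names(f) for f in m.groups())
        # 'self' is a keyword, not a type, so it must not be declared.
        types.update(t for t in src + tgt if t != "self")
        for c in cls:
            classes[c].update(perms)
        rules.append(m.group(0).strip())
    if not rules:
        raise ValueError("no allow rules found")
    out = [f"module {name} {version};", "", "require {"]
    out += [f"\tclass {c} {{ {' '.join(sorted(p))} }};" for c, p in sorted(classes.items())]
    out += [f"\ttype {t};" for t in sorted(types)]
    # The block is closed with a bare brace, the form audit2allow itself emits.
    out += ["}", ""] + rules
    return "\n".join(out) + "\n"


# Constructed sample input: the rule from the message plus one 'self' rule.
SAMPLE = """
allow cupsd_config_t unconfined_t:fifo_file { getattr ioctl };
allow cupsd_config_t self:process signal;
"""

if __name__ == "__main__":
    print(build_module("local", "1.0", SAMPLE), end="")
```

Roles are not collected because allow rules never name them; a module that needs a role still has to list it in the require block by hand.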
