Re: custom selinux policy

On Tue, 2005-11-29 at 11:32 -0500, Daniel J Walsh wrote:
> Laurent Jacquot wrote:
> > Hello,
> > I can no longer build my custom selinux policy with recent upgrades (SE
> > policy source replaced with SE policy).
> > What is the new way (used to be make reload)?
> >
> > tx in advance
> > 	jk
> >
> >   
> You need to use loadable modules.  Take a look at the man page for 
> audit2allow, for some explanation.  I don't know if we have a good 
> description available yet for loadable policy.
> 
> The hardest part of converting your local.te into a loadable module will 
> be writing the require section.
> You need to define all types, class and roles in this section in order 
> to get the loadable module.
> ==================================================================================
>        module local 1.0;
> 
>        require {
>                role system_r;
> 
>                class fifo_file {  getattr ioctl };
> 
>                type cupsd_config_t;
>                type unconfined_t;
>         };
> 
>        allow cupsd_config_t unconfined_t:fifo_file { getattr ioctl };
> ==================================================================================
> 
> -- 
Thanks a lot for this info.
BTW the audit2allow (policycoreutils-1.27.29-1) manpage isn't updated
regarding the module stuff. Hopefully, the -M option is verbose.

Would you mind shedding some light on the new file context definition? (used
to be local.fc)

Laurent



-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
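
The require section described in the quoted reply can be derived mechanically from the allow rules of an old local.te. The following is an added example, not part of the original thread and not code from policycoreutils; the function names and the second sample rule are hypothetical, and it assumes plain `allow` rules (no macros) in which every source and target name is a type rather than an attribute.

```python
import re

# Matches plain rules such as: allow a_t b_t:fifo_file { getattr ioctl };
ALLOW_RE = re.compile(
    r"^\s*allow\s+(\S+)\s+(\S+?)\s*:\s*(\S+)\s+(\{[^}]*\}|\S+?)\s*;", re.M)

# Constructed sample of old-style local.te content (not from the thread,
# apart from the first rule, which is the one quoted in the message).
SAMPLE_TE = """\
# local customisations
allow cupsd_config_t unconfined_t:fifo_file { getattr ioctl };
allow cupsd_config_t self:fifo_file read;
"""


def collect_requirements(te_text):
    """Return (types, classes, rules) for the allow rules in te_text."""
    types, classes, rules = set(), {}, []
    text = re.sub(r"#.*", "", te_text)  # drop comments before matching
    for m in ALLOW_RE.finditer(text):
        src, tgt, cls, perms = m.groups()
        types.add(src)
        if tgt != "self":  # 'self' is a keyword and must not be required
            types.add(tgt)
        classes.setdefault(cls, set()).update(perms.strip("{} ").split())
        rules.append(" ".join(m.group(0).split()))
    return types, classes, rules


def render_module(name, version, te_text, roles=()):
    """Build the text of a loadable module with a generated require block."""
    types, classes, rules = collect_requirements(te_text)
    out = [f"module {name} {version};", "", "require {"]
    out += [f"\trole {r};" for r in sorted(roles)]
    out += [f"\tclass {c} {{ {' '.join(sorted(p))} }};"
            for c, p in sorted(classes.items())]
    out += [f"\ttype {t};" for t in sorted(types)]
    out += ["}", ""] + rules
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(render_module("local", "1.0", SAMPLE_TE, roles=["system_r"]), end="")
```

The generated text can be saved as local.te, compiled with `checkmodule -M -m`, packaged with `semodule_package` and loaded with `semodule -i`.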
