Laurent Jacquot wrote:
On mar, 2005-11-29 at 11:32 -0500, Daniel J Walsh wrote:
Laurent Jacquot wrote:
Hello,
I can no longer build my custom selinux policy with recent upgrades (SE
policy source replaced with SE policy).
What is the new way (used to be make reload)?
tx in advance
jk
You need to use loadable modules. Take a look a the man page for
audit2allow, for some explanation. I don't know if we have a good
description available yet for loadable policy.
The hardest part of converting your local.te into a loadable module will
be writing the require section.
You need to define all types, class and roles in this section in order
to get the loadable module.
==================================================================================
module local 1.0;
require {
role system_r;
class fifo_file { getattr ioctl };
type cupsd_config_t;
type unconfined_t;
};
allow cupsd_config_t unconfined_t:fifo_file { getattr ioctl };
==================================================================================
--
Thanks a lot for this info.
BTW the audit2allow (policycoreutils-1.27.29-1) manpage isn't updated
regarding the module stuff. Hopefully, the -M option is verbose
Would you mind shed some light on the new file context definition? (used
to be local.fc)
Laurent
manpage looks correct on my machine?
File context file should be the same.
checkmodule -M -m -o /tmp/local.mod /tmp/local.te
semodule_package -o /tmp/local.pp -m /tmp/local.mod -f /tmp/local.fc
--
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list