Stephen Smalley wrote:
On Tue, 2005-11-29 at 11:32 -0500, Daniel J Walsh wrote:
The hardest part of converting your local.te into a loadable module will
be writing the require section.
You need to define all types, class and roles in this section in order
to get the loadable module.
How hard would it be to add an option to audit2allow (or create a
variant script) that takes a .te file as input and generates the
requires statements for it? You are already doing that from audit
messages, so it shouldn't be difficult to do likewise from an existing
set of allow rules. Then people could run that to convert over their
existing local.te files into module form, and then use audit2allow -m
for subsequent additions.
That would also be nice for converting over the test policy.
Yes I was considering adding a new flag to take an input from a te file.
So we could parse a te file and/or an audit message and combine the
output into a new te file using reference policy format.
--
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
