Re: custom selinux policy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Stephen Smalley wrote:
On Tue, 2005-11-29 at 11:32 -0500, Daniel J Walsh wrote:
The hardest part of converting your local.te into a loadable module will be writing the require section. You need to define all types, class and roles in this section in order to get the loadable module.

How hard would it be to add an option to audit2allow (or create a
variant script) that takes a .te file as input and generates the
requires statements for it?  You are already doing that from audit
messages, so it shouldn't be difficult to do likewise from an existing
set of allow rules.  Then people could run that to convert over their
existing local.te files into module form, and then use audit2allow -m
for subsequent additions.

That would also be nice for converting over the test policy.

Yes I was considering adding a new flag to take an input from a te file.

So we could parse a te file and/or an audit message and combine the output into a new te file using reference policy format.

--


--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux