On Fri, 16 Apr 2004 09:02, Gene Czarcinski <gene@xxxxxxxxx> wrote: > > If you put an _additional_ file into the appropriate directory, it > > should be picked up by the make scripts and will not be overwritten by > > upgrades. For example, I have > > /etc/security/selinux/src/policy/domains/misc/local.te for local policy > > add-ons and /etc/security/selinux/src/policy/file_contexts/misc/local.fc > > for local file_contexts add-ons. > > Yes, just what I am looking for. > > Perhaps it should be named "local" rather than "misc" but for now it > exists. domains/misc and file_contexts/misc are not necessarily for local customisations, they are for files without a match. For every .te file in domains/program there must be a matching .fc file in file_contexts/program (or you can't build the file_contexts file). Any .fc file in file_contexts/program that does not have a matching .te file will not be used. So if you have a .fc file with no matching .te file or a .te with no matching .fc then you have to put it in a misc directory. For a file you create yourself use a name like local.te or custom.te that is not likely to be used in any distributed policy. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
