Michael Thomas wrote:
A few packages (game server daemons) that I maintain in Fedora Extras would benefit from having a selinux security policy available. But since I'm new to writing selinux policies, I was hoping that someone from f-s-l could take a peek at what I did and let me know if I've done things correctly and in the 'recommended' way. I've already tested the policy on FC5 to make sure that it works and produces no 'avc denied' messages:
http://www.kobold.org/~wart/fedora/crossfire-1.9.1-2.src.rpm
I wasn't sure exactly which networking rules I would need. Most of the ones there were generated by policygentool. I also couldn't figure out why some of the rules at the end of crossfire.te were necessary.
I don't see any domain transition to crossfire_t in your policy; how does it get into that domain?
Your policy file includes a comment about wanting to patch out use of temp files; another option would be to use your own domain for temp files, as you've done for the log files.
Did you follow the guide on Packaging/SELinux on the wiki for actually building the module in your package? I've changed what I do for package building since I last updated that page (and I can't update it any more) and you'll find it won't build on rawhide as there is an selinux-policy-devel package you need as a buildreq there.
An example of the way I'm currently doing SELinux module packaging can be found here:
http://www.city-fan.org/~paul/extras/mod_fcgid/mod_fcgid.spec
Paul.
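Added example, not part of the original message or of the crossfire package: a policy fragment showing the two points raised in the reply, a domain transition into crossfire_t and a private type for the daemon's temp files. The type names crossfire_exec_t and crossfire_tmp_t and the module version are assumptions, and the interface names are those of the current Reference Policy, which may differ from the ones shipped with FC5.

```selinux
policy_module(crossfire, 1.0.0)

# Daemon domain plus an entry point type for its executable.
# crossfire_exec_t is an assumed name; crossfire.fc must label the
# daemon binary with it (the path is package-specific, not shown here).
type crossfire_t;
type crossfire_exec_t;

# Marks crossfire_t as a daemon domain entered through crossfire_exec_t
# and adds the transition from the init script domain, so a process
# started by the init script ends up in crossfire_t.
init_daemon_domain(crossfire_t, crossfire_exec_t)

# Private temp file type (assumed name), the same approach the reply
# notes was already taken for the log files.
type crossfire_tmp_t;
files_tmp_file(crossfire_tmp_t)

# Let the daemon manage only its own temp files and directories.
manage_dirs_pattern(crossfire_t, crossfire_tmp_t, crossfire_tmp_t)
manage_files_pattern(crossfire_t, crossfire_tmp_t, crossfire_tmp_t)

# Files and directories the daemon creates in the generic temp
# directories are labelled crossfire_tmp_t instead of the shared tmp_t.
files_tmp_filetrans(crossfire_t, crossfire_tmp_t, { file dir })
```

With the module loaded and the binary relabelled, `ps -eZ` should show the daemon in crossfire_t when it is started from its init script, and `ls -Z` on its temp files should show crossfire_tmp_t.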