On Tue, 2006-09-19 at 19:36 +0200, Salvo Giuffrida wrote:
> So, what's now the role of the policy.number file in /etc/..../policy? Can
> one still use the "old way" of modifying the source, and recompile into a
> big binary file?

The policy modules are linked together and expanded into a kernel binary policy image, which is then installed to that file for loading into the kernel. You don't absolutely have to use modular/managed policy, but doing so has definite benefits, and both users and package scriptlets are increasingly taking advantage of semodule and semanage for managing policy in a modular way and customizing certain policy settings, and the dependencies on it are only going to increase in the future as further management infrastructure is created.

BTW, while the O'Reilly book predates the modular policy support (possibly they'll issue an updated edition sometime, I don't know), there is a newer SELinux book that includes discussion of policy modules by people involved in their development, see:
http://selinuxnews.org/wp/index.php/2006/08/09/new-selinux-book-published/
http://mentalrootkit.org/?p=10

> Another thing, please: What's the "Object manager"?

That's a term used in the Flask security architecture, which SELinux implements. See:
http://www.nsa.gov/selinux/papers/flask-abs.cfm

--
Stephen Smalley
National Security Agency