Re: .pp files


 



Thanks a lot for the answer. I have another question, please: Where can I find the list of all the object classes (file, dir, netif, etc.), and the operations associated with each one of them?
Thanks a lot

From: Stephen Smalley <sds@xxxxxxxxxxxxx>
To: Salvo Giuffrida <giuffsalvo@xxxxxxxxxx>
CC: sundaram@xxxxxxxxxxxxxxxxx, fedora-selinux-list@xxxxxxxxxx
Subject: Re: .pp files
Date: Wed, 20 Sep 2006 15:04:29 -0400

On Tue, 2006-09-19 at 19:36 +0200, Salvo Giuffrida wrote:
> So, what's now the role of the policy.number file in /etc/..../policy? Can
> one still use the "old way" of modifying the source, and recompile into a
> big binary file?

The policy modules are linked together and expanded into a kernel binary
policy image, which is then installed to that file for loading into the
kernel.

You don't absolutely have to use modular/managed policy, but doing so
has definite benefits, and both users and package scriptlets are
increasingly taking advantage of semodule and semanage for managing
policy in a modular way and customizing certain policy settings, and the
dependencies on it are only going to increase in the future as further
management infrastructure is created.

BTW, while the O'Reilly book predates the modular policy support
(possibly they'll issue an updated edition sometime, I don't know),
there is a newer SELinux book that includes discussion of policy modules
by people involved in their development, see:
http://selinuxnews.org/wp/index.php/2006/08/09/new-selinux-book-published/
http://mentalrootkit.org/?p=10

> Another thing, please: What's the "Object manager"?

That's a term used in the Flask security architecture, which SELinux
implements.  See:
http://www.nsa.gov/selinux/papers/flask-abs.cfm

--
Stephen Smalley
National Security Agency



--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
