On Thu, 30 Nov 2006, Stephen Smalley wrote:
On Thu, 2006-11-30 at 14:05 -0500, Steve Friedman wrote:
Let me give an example. We use postfix at my organization. It has a
number of configuration files. Using a makefile (an early version of
which was copied from the web), the script (via make) issues the relevant
commands to build the necessary hash files, etc. I would envision a
similar situation here: I would distribute one or more ASCII
configuration files for the local customization along with a makefile that
would determine what commands needed to be issued to build the appropriate
policy.
In effect, I was asking for the details of the makefile. After updating
(say) booleans.local, what needs to be executed, etc.
Yes, at present, it would be a matter of copying the new booleans.local
into place and running semodule -B on the target machine. Going
forward, we need utilities that can export/dump and import the data
without requiring manual copying of the raw files. In the booleans
case, that just means an option to getsebool to dump local booleans in a
format easily consumed by setsebool (or some new option to setsebool);
this requires finally migrating getsebool over to using libsemanage
rather than directly reading the kernel state via selinuxfs (or at least
supporting such an option as well).
Great. One last question, if I may: are there any other ".local" files
besides booleans.local and file_contexts.local? This, plus Dan Walsh's
blog post (http://danwalsh.livejournal.com/8637.html, for the archives),
and I think that I am set.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
