On Thu, 2008-07-10 at 22:05 +0200, Jan Kasprzak wrote: > Hello, > > are there any best practices for storing local modifications to the > security policy? Where to put local *.fc and *.te files and how to > create and install the binary modules from them? > > For example - on my router I keep the state data > (arpwatch, dhcpd.leases, etc) on a shared DRBD volume, so I need > to add local *.fc file for this volume, in order arpwatch and dhcpd > can access it. > > So far I have put the local *.te and *.fc files into /root/selinux, > created /root/selinux/Makefile, and I use "make" for compiling the > modules, and "make install" for installing them. Is there any canonical > way of doing this on Fedora? I don't think so, yet. The policy packages install under /usr/share/selinux/$SELINUXTYPE. Looks like some packages are installing under /usr/share/selinux/packages/$PACKAGENAME, e.g. BackupPC is putting its module .pp file there. The recent semanage permissive support is dynamically creating permissive domain modules under /var/lib/selinux but those are just temporary files I think to generate a .pp file and install it - they don't need to keep the .te file around afterward. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
