On Thu, Oct 08, 2009 at 11:08:01AM -0700, Nathan Kinder wrote: > On 10/08/2009 10:47 AM, Dominick Grift wrote: > >On Thu, Oct 08, 2009 at 09:19:21AM -0700, Nathan Kinder wrote: > >>I'm writing two policy modules for two separate packages > >>(389-ds-base and 389-admin). I would like to expose some macros via > >>an interface from my dirsrv policy for use by the dirsrv-admin > >>policy. I have defined an interface in my dirsrv.if file and built > >>and installed the dirsrv policy module. Apparently, this doesn't > >>expose the interface as I get an error when building my dirsrv-admin > >>policy that indicates that it doesn't know anything about my new > >>interface. > >Make sure that both source policies are in the same directory. For example i put all my .te, .if and .fc files in ~/modules > >Than build the source policy modules: cd ~/modules; make -f /usr/share/selinux/devel/Makefile > > > >Finally install them: semodule -i ~/modules/*.pp > > > >This works for me. > The source for these two modules are installed in two different git > repositories, and I'd prefer to keep them separate and be able to > build them standalone. > > I've found that I can place my .if file in > /usr/share/selinux/devel/include/services and it will be located > when building the second policy module, but I'm guessing it's not > really proper for me to install it there. > > Is there some sort of include path for interface files that can be > set at policy module build time? I'd be fine with having a > "389-ds-base-selinux-devel" package that installs my interface file > somewhere which could then be used when building the > "389-admin-selinux" package. The questions are where is there a > standard place install the .if file and is there a way to specify > the interface include path when building policy? I think /usr/share/selinux/devel/include/ would be a proper place to put your shared policy. I would create devel packages that basically copy the interface files there. > >>What is the proper way to expose a policy interface? Does my > >>dirsrv.if file need to be installed on the system somewhere > >>specific? > >> > >>Thanks, > >>-NGK > >> > >>-- > >>fedora-selinux-list mailing list > >>fedora-selinux-list@xxxxxxxxxx > >>https://www.redhat.com/mailman/listinfo/fedora-selinux-list > >>------------------------------------------------------------------------ > >> > >>-- > >>fedora-selinux-list mailing list > >>fedora-selinux-list@xxxxxxxxxx > >>https://www.redhat.com/mailman/listinfo/fedora-selinux-list > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Attachment:
pgpmAb306Xu3L.pgp
Description: PGP signature
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
