Re: AVC Denials on UDEV

On 12/02/2009 05:21 PM, Dominick Grift wrote:
Ah, but therein seems to lie the rub for me: near as I can tell,
there were some major changes made in how the policy is written
somewhere around the late May/early June timeframe.  All of the
documentation that I can find refers to the new framework, whereas
the policy I'm using appears to be based on the old framework.  As a
consequence, just about the time I think I'm starting to get a
handle on what works how, I run into something that doesn't
correspond to what the SELinux docs are telling me.

A good example is refpolicy itself: the policy explained at the
tresys site:

http://oss.tresys.com/projects/refpolicy/wiki/UseRefpolicy

Seems to be rather well thought out, and reasonably logical and
orthogonal.  It also seems to bear little resemblance to what I'm
using.  The instructions for the tools that I come across seem to
mostly reference things that don't even exist for me, or if they did
exist would be absolutely useless to me because they are GUI tools,
and my systems don't even have X installed.

As far as I know the structure is pretty much the same.

There are a good many types, transitions, and helper macros that don't seem to exist in the Gentoo policy.

I realize that a good deal of this is almost certainly due to the
fact that I'm on Gentoo.  I'd much rather be part of the solution
than part of the problem, so I want to get to where I can start
helping with Gentoo's SELinux implementation, but I'm so blasted
confused I don't even rightly know how to start.

As I've said previously, Gentoo SEEMS to be using policy and tools
from RHEL 4's incarnation of SELinux.  That's all well and good,
EXCEPT that the documentation describing the policies and tools
seems to have gone wandering, so those of us poor schmucks stuck
schlepping through the muck of the previous generation's tools have
no clue where we are or where we are going, and since I don't even
have the source for the policies that I AM using, I'm stuck with my
finger up my nose going "Whuh?"

Well, I am not sure, but it is unlikely to be like EL4. Any open source project should make the source available, so it should be somewhere.

Good point. And pursuing that angle, I have in fact found the source for the Gentoo policy. I'm digging through it now. Fortunately, the M4 macro language is pretty simple. ;)

Later,
Chris

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
