On 06/27/2010 06:40 PM, Mr Dash Four wrote:
> I have two more queries though - if I want to use this module (the .pp
> file) on a system which is built from a ks file (using standard
> kickstart tools) do I just copy myshorewall.pp to
> /etc/selinux/targeted/modules/active/modules on the target system in
> order to use this module? Would that be enough?

You cannot simply copy it; you need to install it (semodule -i). But you can use a single binary presentation on most SELinux-enabled systems (e.g. deploy the single myshorewall.pp to various similarly configured systems).

All the modules in active/ are compiled into a policy database file, policy/policy.X. If you just copy it to active, it is not compiled into the actual policy database yet.

>
> I also need to mention that the target system's root ('/') is
> 'read-only' in a sense that even though the content in it can be changed
> it does NOT survive the boot (it is done as a unionfs of a ram disk and
> the read-only system where all the files and programs are, so changes
> get preserved in the ram part for the life of the session, but are gone
> the next time the machine is rebooted) - this is done for extra security
> and saved my neck on quite a few occasions!
>
> Second query in relation to this - when I build the system can I do the
> relabelling on the target system at the time when the image is built? If
> so, how do I do that (ideally I would like to do that during the image
> building process, in the %post section perhaps, of the .ks script)?
>
> The reason for that is, as I put it above, the changes made once the
> image is built are not preserved, and I do not want to be relabelling on
> every reboot as it is too damn slow!
>
>
> Thanks again!
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux