On 06/27/2010 08:04 PM, Mr Dash Four wrote: > >> On 06/27/2010 06:40 PM, Mr Dash Four wrote: >> >> >>> I have two more queries though - if I want to use this module (the .pp >>> file) on a system which is built from a ks file (using standard >>> kickstart tools) do I just copy myshorewall.pp to >>> /etc/selinux/targeted/modules/active/modules on the target system in >>> order to use this module? Would that be enough? >>> >> >> You cannot simply copy it (need to install it (semodule -i). But you can >> use a single binary presentation on most selinux enabled system (e.g. >> deploy the single myshorewall.pp to various similar configured systems.) >> > Does that mean if the policy is compiled on i686-based machine it can > then run/be deployed on a x86_64 and visa versa? Yes policy is arch-independent. > Also, does semodule need to have a running SELinux as I need to deploy > this module on a Linux system (image) which does NOT have SELinux > running (yet)? Not sure, try it out. > In other words, if I issue this command in chroot-ed environment would > that be enough? The "%post" section of the kickstart file does just that > - it chroots to the image as it has been built and from there I can do > whatever I like on the actual image, though this is not a running system > - i.e. SELinux on that system is not loaded! If that is possible and if > I run on different architectures (say the image is for x86_64 and the > machine on which the image is built is i686) would it matter? The policy is arch-independent but i am not sure if it can be installed on a system that has no selinux enabled. I think it is possible but i am not sure. You will still have the issue that you would have to relabel the filesystem on each boot though. > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux
Attachment:
signature.asc
Description: OpenPGP digital signature
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
