On Mon, 2012-04-09 at 19:49 +0200, Dominick Grift wrote: > On Mon, 2012-04-09 at 19:38 +0200, Gabriele Pohl wrote: > > Hi all, > > > > I've installed a software from the sources on a CentOS 6.2 box > > and would like to setup a SELinux policy for it. > > > > As I already use the software on my Fedora 15 server > > Source RPM : BackupPC-3.2.1-7.fc15.src.rpm > > I would like to use the wisdom from the existing policy module: > > /usr/share/selinux/packages/BackupPC/BackupPC.pp > > > > I found this forum thread: > > http://www.linuxquestions.org/questions/showthread.php?p=4548316#post4548316 > > > > > > which ended with the hint: > > "Use the tools from the setools package." > > > > I tried this, but wasn't successful. > > All the time running into errors telling me, > > that these cannot open the policy file, > > as it is no "base policy" > > > > Can you help with instructions? > > Or tell me, where to find the .te file of the Fedora package? > > > > Thanks in advance and kind regards > > > > Gabriele > > > > PS: I found this instruction on how to generate the .pp > > from the audit messages. So if there is really no way > > to /decompile/ the .pp I will go this way: > > http://www.advisorbits.com/2011/03/backuppc_on_centos_5_selinux_fix.html > > There is currently no way to disassemble .pp files as far as i know You can get most of the way there via semodule_unpackage and sedismod. But even that will just give you a low level dump of the rules, not the original .te sources, so it is better to get the original .te file if you can. sedismod could use some work to produce output that can be directly placed in a .te file; it was originally just created as a developer/debugging tool, not for this purpose. semodule_unpackage sources have been posted a few times and are now part of policycoreutils in recent Fedora. sedismod is part of checkpolicy. -- Stephen Smalley National Security Agency -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux