On 18/05/2018 14:56, Stephen Smalley wrote:
As to your first point, yes, presently you have to separately keep your source .te/.fc files around to make future changes in that form. With a modern selinux userspace however you can extract the CIL version of the policy module via semodule -c -E, edit that, and then re-insert it.
Does RHEL 7.5+ qualify as "modern selinux userspace"?
With respect to the second point, yes, the name of each policy module has to be unique, so you do have to be mindful of that. The distros likely should define some policy module namespacing rules for local policy modules so that you can at least know that you never need to worry about conflicts with distro-provided or third party package policy. And perhaps audit2allow should automatically use such a prefix.
Can you point me to any documentation regarding distro-specific policy rule naming?
Thank you for your very valuable information!

--
Danti Gionatan
Technical Support
Assyoma S.r.l. - www.assyoma.it
email: g.danti@xxxxxxxxxx - info@xxxxxxxxxx
GPG public key ID: FF5F32A8
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx/message/PY63SI3NF7LC5VD3OZNYQSWDYM7ARBMN/
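
The two points quoted in this message (module names must be unique, and a module can be round-tripped through CIL with `semodule -c -E`) are illustrated by the shell sketch below. It is an added example, not part of the original thread. The `local_` prefix, the function names, the name character check and the sample module list are assumptions made for illustration, not a distro convention.

```shell
#!/bin/sh
# Assumed site convention for local modules; no distro rule is implied.
LOCAL_PREFIX="local_"

# Reduce `semodule -l` style output (stdin) to bare module names.
# Older userspace prints "name<TAB>version", newer prints only "name".
installed_names() {
    awk 'NF { print $1 }'
}

# safe_module_name CANDIDATE: reads the installed-module list on stdin.
# Prints the prefixed name and returns 0 if it is unused, returns 1 on a
# name collision, 2 if CANDIDATE has characters outside [A-Za-z0-9_]
# (a deliberately conservative check chosen for this example).
safe_module_name() {
    candidate=$1
    case $candidate in
        ''|*[!A-Za-z0-9_]*) return 2 ;;
    esac
    case $candidate in
        "$LOCAL_PREFIX"*) name=$candidate ;;
        *) name=$LOCAL_PREFIX$candidate ;;
    esac
    if installed_names | grep -Fxq -- "$name"; then
        return 1
    fi
    printf '%s\n' "$name"
}

# roundtrip_cil NAME: the extract / edit / re-insert cycle from the thread.
# Needs root and a CIL-capable semodule, so it is defined but not called here.
roundtrip_cil() {
    semodule -c -E "$1" &&          # writes ./NAME.cil
    "${EDITOR:-vi}" "$1.cil" &&
    semodule -i "$1.cil"
}

# Constructed sample of `semodule -l` output (tab-separated older format).
SAMPLE_LIST=$(printf 'apache\t2.7.2\nlocal_myapp\t1.0\nzabbix\t1.6.0\n')

# Demo on the constructed list: "httpd_fix" is free once prefixed.
printf '%s\n' "$SAMPLE_LIST" | safe_module_name httpd_fix
```

On a real host, pipe `semodule -l` into `safe_module_name` instead of the sample list before naming a module generated with audit2allow.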