On Nov 24, 2008, at 10:59 AM, Andy Warner wrote:
Is it possible to create a policy module, install it, and have its
interfaces usable by other policy modules? In creating DBMS policy I
would like to provide a high level interface to the DBMS user/
developer that will allow them to create their site-specific DBMS
policy in a modular fashion. At the same time I do not want to
encourage them to directly edit the "base policy" for the DBMS.
In my attempt I simply created my "DBMS base policy" and installed
it. I then created a "DBMS local policy" that uses interfaces from
the DBMS base policy. The DBMS local policy fails to compile,
failing at the first reference to an external interface. If I place
all of the policy code in the DBMS base policy, everything works.
Therefore, I am guessing that either there is no way to make the
DBMS base policy interfaces externally usable or I need to perform
an extra step that I am no aware of.
I realize I could modify the base fedora 9 policy and add my module,
but this has been ruled out as an option.
You need to install the .if file for your base DBMS policy in /usr/
share/selinux/devel/include/MYPROJECT/
joe
As a side question, is it possible to generate the HTML "policy
help" for my modules interfaces?
Thanks,
Andy
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.