Re: Adding AV assertion to selinux policy in RHEL5

Daniel J Walsh wrote:
On 08/25/2009 06:43 PM, Anamitra Dutta Majumdar (anmajumd) wrote:


We are looking for a well documented procedure to add AV assertion to
selinux policy on RHEL5.
So far all SELinux URL links refer to the fact that the AV assertion
needs to be added to assert.te file under $SELINUX_SRC folder.
This appears to be true only for RHEL4 not RHEL5 since there is no src
folder under /etc/selinux/targeted that contains the source policies in
RHEL5.
We have installed and built the selinux-policy-2.4.6-248.el5.src.rpm on
our RHEL5.4 box and we did not find any assert.te file.
Can someone help us with the exact method as to what needs to be done to
add an AV assertion rule to our policy.

Thanks
Anamitra & Radha

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Questions like this should be asked on the SELinux <selinux@xxxxxxxxxxxxx> Mail List.

I am not sure what you are asking for.


assert.te was the old place for neverallow rules in the example policy. In the reference policy neverallows are put in their appropriate place (you could grep for them in the source policy if you want to see).

However, with RHEL5 and greater distros you can just insert policy modules to add rules (including assertions). So just follow the RHEL5 instructions on adding a policy and you can add neverallows there.

You also need to enable assertion checking by adding this line to /etc/selinux/semanage.conf

expand-check = 1



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
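
The procedure from the reply above (a policy module carrying a neverallow, plus `expand-check = 1` in semanage.conf), sketched as an added example that is not part of the original messages. The module name `localassert`, the httpd_t/shadow_t rule and the function names are illustrative assumptions; `checkmodule`, `semodule_package` and `semodule` are the standard module tools.

```shell
#!/bin/sh
# Added example. Module name, rule and function names are illustrative.

# Write a module whose only content is one assertion (neverallow rule).
write_assert_module() {
    cat > "$1/localassert.te" <<'EOF'
module localassert 1.0;

require {
    type httpd_t;
    type shadow_t;
    class file { read write };
}

# Assertion: no policy rule may let httpd_t read or write shadow_t files.
neverallow httpd_t shadow_t:file { read write };
EOF
}

# Force "expand-check = 1" in a semanage.conf-style file: replace an existing
# or commented-out setting, drop duplicates, append the key if it is absent.
enable_expand_check() {
    conf=$1
    tmp=$(mktemp) || return 1
    awk '
        /^[ \t]*#?[ \t]*expand-check[ \t]*=/ {
            if (!done) print "expand-check = 1"
            done = 1
            next
        }
        { print }
        END { if (!done) print "expand-check = 1" }
    ' "$conf" > "$tmp" || return 1
    cat "$tmp" > "$conf" && rm -f "$tmp"   # overwrite in place: keeps mode and label
}

# Succeed only if the active (uncommented) setting is 1.
expand_check_enabled() {
    val=$(awk -F= '/^[ \t]*expand-check[ \t]*=/ { gsub(/[ \t]/, "", $2); v = $2 }
                   END { print v }' "$1")
    [ "$val" = "1" ]
}

# Compile, package and install the module (run as root on the target host).
install_assert_module() {
    ( cd "$1" &&
      checkmodule -M -m -o localassert.mod localassert.te &&
      semodule_package -o localassert.pp -m localassert.mod &&
      semodule -i localassert.pp )
}
```

On the target host the order is `write_assert_module DIR`, `enable_expand_check /etc/selinux/semanage.conf`, then `install_assert_module DIR`, so that assertion checking is already on when the module is installed.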
