On 05/19/2010 06:34 AM, Stephen Smalley wrote:
On Wed, 2010-05-19 at 06:21 -0700, Justin P. Mattock wrote:
On 05/19/2010 03:04 AM, Shaz wrote:
It's very true that both SELInux policy and policy store are
arch-independent. It takes about 70 minutes to build the policy store from
scratch on my embedded target, but I could copy and use the host policy
store on the target, only that it will take 20 minutes each time to change
SELinux attribute on the fly by the semanage tool, so I think I'd better
save all the trouble by committing the changes to SELInux source code on the
host instead.
Sounds interesting. Let me try it too.
yep.. I built a policy on x86_64
then copied it to all my other machines(i586)
(no problem), but things like libselinux
will probably be a different story.
Well, yes, because libselinux is executable code. policy is just data.
hmm.. I'm wondering if something could be modified
with monolithic policies and the whole policy
version thing i.g. build.conf:
# Policy version
# By default, checkpolicy will create the highest
# version policy it supports. Setting this will
# override the version. This only has an
# effect for monolithic policies.
#OUTPUT_POLICY = 18
Justin P. Mattock
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
