On 05/02/11 14:27, Dominick Grift wrote:
By the way, these policy related questions should go to
refpolicy@xxxxxxxxxxxxxx maillist.
Hi Dominick, thanks for your replies to my issues.
When I hit trouble, I thought I had hit something other than regular
policy issues, but this was incorrect. I have missing access_vectors,
and face some other issues (due to a combination of recent software and
non-standard file locations), but all appear to be surmountable through
a custom policy build.
I've learned a lot in a short time, thanks in large part to reading some
key posts in this mailing list, and my system is firmly in the realm of
policy tweaking now. Mostly I'm twiddling booleans and changing file
contexts to match Arch Linux at this point, with cron and syslog-ng the
only services with issues. My "semanage permissive -a" functionality is
broken, as the "/var/lib/selinux" path I see hardcoded into semanage
does not exist on my system, but it was no bother to hand code a
permissive module to get my logging working for now. So I can run
enforcing from boot whilst I finish up, no problem.
It looks like Fedora have already addressed some of the core refpolicy
issues I've faced (problems unrelated to Arch file locations), but
patches had not made it upstream the last time I checked. I'd also like
to see a passenger module make it into refpolicy. So, I still have some
outstanding refpolicy queries, which I'll take over to the mailing list
you mention.
Thanks again.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
