Eric Paris wrote:
I've got a minimal policy and a small policy module I wrote (ok the 'policy' is the kernel mdp, but who cares) I can do: checkmodule -o policy.bin policy.conf checkmodule -m -o filename.mod filename.te To generate a base module and a 'normal' module. I can use: dismod policy.bin l filename.mod to load the base module and then link in the 'normal' module. But I don't know to make it expand.
you could use semodule_link in policycoreutils and then gdb through semodule_expand.
I'd like to turn the policy.conf + filename.te into a fully linked expanded kernel policy.X but I'm not sure what magic incantation I need to use..... (No cat filename.te>> policy.conf; checkpolicy -o policy.X policy.conf is no adequate. It's somewhere in expand that things seems to be breaking so I want as small of a policy and as small of steps as I can make to debug where things are dying) -Eric
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
