Re: Update to docs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Yeah it is a bit unwieldy, currently I use the include mechanism to include stuff in a device/sepolicy folder. Right now, the only thing I have modified in the base policy that I don't have upstream is commenting out inits transition rule to shell domain on exec of shell_exec.

It would be really nice to do something like seapp_contexts but for the selinux policies.

Bill


On Fri, Sep 14, 2012 at 9:29 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
On Fri, 2012-09-14 at 16:19 +0000, Radzykewycz, T (Radzy) wrote:
> There have been a couple times when I wanted to remove a rule from the
> system policy for a specific BSP.  So I guess I would vote for
> override if I need to choose one or the other.  But would it be
> reasonable to allow both overrides and concatenates ?  That would be
> my preference.

Maybe we could provide two variables definitions in the makefiles, one
for policy files that should replace/override and one for policy files
that should concatenate/union with the base policy files?

--
Stephen Smalley
National Security Agency




--
Respectfully,

William C Roberts


[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux