On 7/22/2014 5:16 AM, kuangjiou wrote: > Hello,everyone! > I am learnig SELinux recently and trying to enable the SELinux in > Embedded Linux. As we know, the refpolicy has too much rules to use in > the embedded devices and i also do not need so much rules in my policy. > I just want to control the accesses to some targeted files and allow the > accesses to the rest files. So is that possible to(and how can i) built > my own simpolified policy to achieve this goal? > Could anybody give me some suggestions to resolve this problem? I am > looking forward to your replies! Thank you very much! You should be able to compile refpolicy with just the kernel layer modules. Then the only domain you'd have is kernel_t plus types for handling devices and base files. Note: this discussion is best for the refpolicy mail list instead. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
