Yeah I'm just looking to build selinux policies to confine applications,
etc, with the cil language and nothing else, so when you say the policy
store is that the /var/lib/selinux/targeted/active/modules/400 directory?
On 07/31/2015 10:13 AM, James Carter wrote:
On 07/31/2015 12:56 AM, Dan wrote:
Hello everyone,
I have been reading up on the cil documentation and am starting
to get the
hang of it and have successfully built my first module. I have a a
module called
test.cil. Now my only question on is where exactly would I put this
module to
build it or does it not matter where you stick them at? I know when
you take the
.pp packages and convert them to .cil they get stored in
/var/lib/selinux/targeted/active/modules/400, but I'm just using the
secilc
compiler and nothing else to build policy.
If you are using the CIL compiler to build the whole policy, then it
doesn't matter where the files are located. Just specify all of the
files that are part of the policy on the command line for secilc.
Do note that the CIL compiler does not build modules, it builds the
complete policy, so if you are only building a module than it should
go into the policy store. You should also use the policy store if you
want to use the management functions of semanage.
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
