Re: Does it matter where .cil modules are built.

Oh okay cool I understand now. It just built and everything went smoothly. Thanks guys.

On 08/03/2015 02:21 AM, Miroslav Grepl wrote:
On 07/31/2015 10:26 PM, Dan wrote:
Yeah I'm just looking to build selinux policies to confine applications,
etc, with the cil language and nothing else, so when you say the policy
store is that the /var/lib/selinux/targeted/active/modules/400 directory?

On 07/31/2015 10:13 AM, James Carter wrote:
On 07/31/2015 12:56 AM, Dan wrote:
Hello everyone,

       I have been reading up on the cil documentation and am starting to get
the hang of it and have successfully built my first module. I have a module
called test.cil. Now my only question is where exactly would I put this
module to build it or does it not matter where you stick them at? I know when
you take the .pp packages and convert them to .cil they get stored in
/var/lib/selinux/targeted/active/modules/400, but I'm just using the secilc
compiler and nothing else to build policy.

/var/lib/selinux is a default location for your module store. It can be
changed in semanage.conf.

Basically if you want to add a local policy module, just use

# semodule -i mypol.cil

This module will be loaded with the default priority for custom policies.

# semodule --list-module=full |grep mypol
400 mypol                    cil

If you are using the CIL compiler to build the whole policy, then it
doesn't matter where the files are located. Just specify all of the
files that are part of the policy on the command line for secilc.

Do note that the CIL compiler does not build modules, it builds the
complete policy, so if you are only building a module then it should
go into the policy store. You should also use the policy store if you
want to use the management functions of semanage.
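
The following is an added example, not part of the original thread: a small shell helper for reviewing the module store listing discussed above, reporting which modules sit at the local priority and which names exist at more than one priority. It assumes the three-column `PRIORITY NAME LANG` format shown in the thread and relies on semodule's rule that the higher-priority copy of a same-named module is the active one; the sample listing is constructed (only the `mypol` line comes from the thread).

```shell
#!/bin/sh
# Added example: review a module-store listing for local modules and overrides.
# Input is the three-column "PRIORITY NAME LANG" listing shown in the thread.

# Constructed sample listing; only "400 mypol cil" comes from the thread.
SAMPLE='100 apache pp
100 base pp
400 apache cil
400 mypol cil'

# local_modules [PRIORITY]: names of modules installed at PRIORITY
# (default 400, the priority the thread shows for a plain `semodule -i`).
local_modules() {
    awk -v p="${1:-400}" '$1 == p { print $2 }' | sort
}

# shadowed_modules: names present at more than one priority, followed by the
# highest priority seen, which is the copy semodule treats as active.
shadowed_modules() {
    awk '
        NF >= 2 {
            name = $2; prio = $1 + 0
            seen[name]++
            if (!(name in top) || prio > top[name]) top[name] = prio
        }
        END {
            for (name in seen)
                if (seen[name] > 1) print name, top[name]
        }
    ' | sort
}

# Demo on the constructed sample. On a live system, feed the real listing:
#   semodule --list-module=full | shadowed_modules
printf '%s\n' "$SAMPLE" | shadowed_modules
```

A name reported by `shadowed_modules` at priority 400 means a locally installed module is overriding another module of the same name, which is worth reviewing when auditing what policy is actually in force.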

_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to
Selinux-request@xxxxxxxxxxxxx.