Hi Stephen, My goal is to study how to use SElinux policy for an application running on Centos. My approach is to build everything into one single RPM for easy installation/upgrade/change. This includes both the ref policy and application policy. I started out by building the RPM with only ref policy. I will add in app policy after I make sure this RPM works well. David On Fri, Dec 11, 2015 at 9:07 AM, Higgs, Stephen <Stephen.Higgs@xxxxxxxx> wrote: > I have not installed the ref policy for CentOS, but consider that SELinux policy modules are a great avenue to customize your system. Maybe you should tell us what you are trying to achieve? > > --Stephen > > >> -----Original Message----- >> From: David Li [mailto:dlipubkey@xxxxxxxxx] >> Sent: Friday, December 11, 2015 11:31 AM >> To: Higgs, Stephen >> Cc: selinux@xxxxxxxxxxxxx >> Subject: Re: A newbie's question >> >> Hi Stephen, >> >> If I install my own ref policy RPM on the Centos7 box, would that >> replace the existing or stock ref policy? >> >> David >> >> On Tue, Dec 8, 2015 at 10:48 AM, Higgs, Stephen <Stephen.Higgs@xxxxxxxx> >> wrote: >> >> -----Original Message----- >> >> From: Selinux [mailto:selinux-bounces@xxxxxxxxxxxxx] On Behalf Of >> >> David Li >> >> Sent: Tuesday, December 08, 2015 1:29 PM >> >> To: selinux@xxxxxxxxxxxxx >> >> Subject: A newbie's question >> >> >> >> Hi, >> >> >> >> I thought I would post this question here in addition to the Fedora >> >> list to get more help. >> >> >> >> ---- >> >> >> >> Maybe this is just for my own clarifications; I am about to start >> >> SELinux learning and development. I have a stock Cento 7.1 install >> >> and I am curious what''s difference between the following two: >> >> >> >> 1. Enable SElinux and setenforce 1 on the stock install >> >> >> >> vs. >> >> >> >> 2. Build a reference policy RPM and install it on the box. Then do >> >> step >> >> 1 as above. >> >> >> >> Are there any differences in terms of ref policy? Would step 1 also >> >> have the ref policy enabled by default too? >> >> >> >> Thanks. >> >> _______________________________________________ >> >> Selinux mailing list >> >> Selinux@xxxxxxxxxxxxx >> >> To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. >> >> To get help, send an email containing "help" to Selinux- >> >> request@xxxxxxxxxxxxx. >> > >> > CentOS 7.1 has the reference policy installed, but there could be a >> difference in version of the RPM reference policy and the version that >> is current for 7.1. >> > >> > The seinfo command is one way to show what is currently installed. >> > >> > --Stephen >> > _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
