custom selinux policy
Daniel J Walsh
dwalsh at redhat.com
Tue Nov 29 16:32:41 UTC 2005
Laurent Jacquot wrote:
> Hello,
> I can no longer build my custom selinux policy with recent upgrades (SE
> policy source replaced with SE policy).
> What is the new way (used to be make reload)?
>
> tx in advance
> jk
>
>
You need to use loadable modules. Take a look at the man page for
audit2allow, for some explanation. I don't know if we have a good
description available yet for loadable policy.
The hardest part of converting your local.te into a loadable module will
be writing the require section.
You need to define all types, classes and roles in this section in order
to get the loadable module.
==================================================================================
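module local 1.0;

# Everything the rules below refer to must be declared here.
require {
        role system_r;
        class fifo_file { getattr ioctl };
        type cupsd_config_t;
        type unconfined_t;
};

# The local rule carried over from local.te.
allow cupsd_config_t unconfined_t:fifo_file { getattr ioctl };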
==================================================================================
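
An added example, not part of the original post or of any SELinux tool: a small Python sketch that derives the require section from the rules in an old local.te. It assumes plain allow/dontaudit/auditallow and "role ... types" statements with no m4 macros, attributes or set complements, so every source and target name is declared as a type; the sample rules and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: old-style local.te rules, not taken from the post.
SAMPLE_TE = """
# local customizations
allow cupsd_config_t unconfined_t:fifo_file { getattr ioctl };
allow { httpd_t ftpd_t } self:tcp_socket name_bind;
dontaudit httpd_t var_log_t:{ file dir } getattr;
role system_r types httpd_t;
"""

AV_RULE = re.compile(
    r"^\s*(?:allow|dontaudit|auditallow)\s+(\{[^}]*\}|\S+)\s+(\{[^}]*\}|[^\s:]+)\s*"
    r":\s*(\{[^}]*\}|\S+)\s+(\{[^}]*\}|[^\s;]+)\s*;", re.M)
ROLE_RULE = re.compile(r"^\s*role\s+(\w+)\s+types\s+(\{[^}]*\}|\w+)\s*;", re.M)

def names(tok):
    """Expand 'a' or '{ a b }' into a list of identifiers."""
    return tok.strip("{} \t").split()

def build_require(te_text):
    """Return the require block text for the rules found in te_text."""
    text = re.sub(r"#.*", "", te_text)  # drop comments before matching
    types, roles, classes = set(), set(), defaultdict(set)
    for src, tgt, cls, perms in AV_RULE.findall(text):
        # 'self' is a keyword, not a type, so it is never declared.
        types.update(n for n in names(src) + names(tgt) if n != "self")
        for c in names(cls):
            classes[c].update(names(perms))
    for role, tys in ROLE_RULE.findall(text):
        roles.add(role)
        types.update(names(tys))
    lines = ["require {"]
    lines += [f"\trole {r};" for r in sorted(roles)]
    lines += [f"\tclass {c} {{ {' '.join(sorted(p))} }};" for c, p in sorted(classes.items())]
    lines += [f"\ttype {t};" for t in sorted(types)]
    lines.append("}")  # closed with '}' as current audit2allow output does
    return "\n".join(lines)

def convert(te_text, name="local", version="1.0"):
    """Prefix the rules with a module header and the generated require block."""
    return f"module {name} {version};\n\n{build_require(te_text)}\n\n{te_text.strip()}\n"

if __name__ == "__main__":
    print(convert(SAMPLE_TE))
```

The resulting local.te can then be built and loaded with `checkmodule -M -m -o local.mod local.te`, `semodule_package -o local.pp -m local.mod` and `semodule -i local.pp`.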