distributing custom policy
Stephen Smalley
sds at tycho.nsa.gov
Wed Jun 15 18:56:04 UTC 2005
On Wed, 2005-06-15 at 14:53 -0400, Security News wrote:
> Sorry, in the first post I meant to say that I wanted to install the
> policycoreutils<version>.rpm (the devil really is in the details.)
>
> --the reason for needing this rpm is that I am hoping to be able to
> install a custom policy and file-labelling without installing the
> source configuration files. This is just so that even a root user
> could be kept from editing my policy.conf files. I need the coreutils
> b/c if the source config files are not going to be present then
> neither is the Makefile, so I would need to use "fixfiles relabel" and
> "load_policy".
>
> Unless, there is a better way to load and relabel when not installing
> the config source files.
>
> I am hoping to have this installation be performed by someone else
> somewhere else, and to make the installation as mindless as possible
> for them.
policycoreutils is always needed for SELinux, so it should already be
installed on the base FC3 systems running targeted policy. You would
only need to install a different version of it if your strict policy
relies on a newer base version of policycoreutils than the stock FC3 one
(at which point you may want to check whether you also require a newer
libsepol and libselinux as well).
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list