[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: package review?



Michael Thomas wrote:
A few packages (game server daemons) that I maintain in Fedora Extras
would benefit from having a selinux security policy available.  But
since I'm new to writing selinux policies, I was hoping that someone
from f-s-l could take a peek at what I did and let me know if I've done
things correctly and in the 'recommended' way.

I've already tested the policy on FC5 to make sure that it works and
produces no 'avc denied' messages:

http://www.kobold.org/~wart/fedora/crossfire-1.9.1-2.src.rpm

I wasn't sure exactly which networking rules I would need.  Most of the
ones there were generated by policygentool.  I also couldn't figure out
why some of the rules at the end of crossfire.te were necessary.

I don't see any domain transition to crossfire_t in your policy; how does it get into that domain?

Your policy file includes a comment about wanting to patch out use of temp files; another option would be to use your own domain for temp files, as you've done for the log files.

Did you follow the guide on Packaging/SELinux on the wiki for actually building the module in your package? I've changed what I do for package building since I last updated that page (and I can't update it any more) and you'll find it won't build on rawhide as there is an selinux-policy-devel package you need as a buildreq there.

An example of the way I'm currently doing SELinux module packaging can be found here:

http://www.city-fan.org/~paul/extras/mod_fcgid/mod_fcgid.spec

Paul.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]