New packages and custom SELinux policies

Peter Smith peter.smith at utsouthwestern.edu
Wed May 9 19:59:49 UTC 2007


I wrote an in-house RPM that is getting installed without error.  
However, on SELinux Enforcing machines using the targeted policy, it 
doesn't allow executing my app.  I have the following questions about this.

*)  What's the recommended method for supporting non-core apps to be 
installed *and* be supported under SELinux policies?  I figured I'd 
create a 2nd RPM that provides a compiled SELinux policy to be added at 
runtime to the system policy.
a)  If it is recommended to make 2 separate RPMs for an application--one 
for the app and one for the policy--how do you ensure the policy is 
always loaded with the system?  I've opted to create an init script to 
handle this.
b)  Should the policy get compiled during the SRPM-RPM build process or 
should it be compiled out-of-band and then just packaged into the RPM?  
In other words, with custom policies, is the expectation that you'd need 
to rebuild them whenever updating SELinux in any way?

It appears that there's no provision to support 3rd-party non-core 
applications as far as SELinux policies are concerned.

Thanks,
Peter



