FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 07-10-2008, 08:05 PM
Jan Kasprzak
 
Default Local modifications best practices?

Hello,

are there any best practices for storing local modifications to the
security policy? Where to put local *.fc and *.te files and how to
create and install the binary modules from them?

For example - on my router I keep the state data
(arpwatch, dhcpd.leases, etc) on a shared DRBD volume, so I need
to add local *.fc file for this volume, in order arpwatch and dhcpd
can access it.

So far I have put the local *.te and *.fc files into /root/selinux,
created /root/selinux/Makefile, and I use "make" for compiling the
modules, and "make install" for installing them. Is there any canonical
way of doing this on Fedora?

Thanks,

-Yenya
--
| Jan "Yenya" Kasprzak <kas at {fi.muni.cz - work | yenya.net - private}> |
| GPG: ID 1024/D3498839 Fingerprint 0D99A7FB206605D7 8B35FCDE05B18A5E |
| http://www.fi.muni.cz/~kas/ Journal: http://www.fi.muni.cz/~kas/blog/ |
>> If you find yourself arguing with Alan Cox, you’re _probably_ wrong. <<
>> --James Morris in "How and Why You Should Become a Kernel Hacker" <<

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 07-10-2008, 08:15 PM
Stephen Smalley
 
Default Local modifications best practices?

On Thu, 2008-07-10 at 22:05 +0200, Jan Kasprzak wrote:
> Hello,
>
> are there any best practices for storing local modifications to the
> security policy? Where to put local *.fc and *.te files and how to
> create and install the binary modules from them?
>
> For example - on my router I keep the state data
> (arpwatch, dhcpd.leases, etc) on a shared DRBD volume, so I need
> to add local *.fc file for this volume, in order arpwatch and dhcpd
> can access it.
>
> So far I have put the local *.te and *.fc files into /root/selinux,
> created /root/selinux/Makefile, and I use "make" for compiling the
> modules, and "make install" for installing them. Is there any canonical
> way of doing this on Fedora?

I don't think so, yet.

The policy packages install under /usr/share/selinux/$SELINUXTYPE.
Looks like some packages are installing
under /usr/share/selinux/packages/$PACKAGENAME, e.g. BackupPC is putting
its module .pp file there.
The recent semanage permissive support is dynamically creating
permissive domain modules under /var/lib/selinux but those are just
temporary files I think to generate a .pp file and install it - they
don't need to keep the .te file around afterward.

--
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 04:20 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org