04-23-2010, 12:13 PM
Daniel J Walsh
 
Building a modified selinux source rpm

On 04/23/2010 07:15 AM, Alan Rouse wrote:
> I'm trying to get selinux working in a different linux distribution where
> the directory structure differs from the fedora / redhat pattern. I'm
> attempting to use the fedora selinux src rpm as a starting point, but of
> course lots of files are being labelled incorrectly due to the directory
> differences. I can identify the incorrectly labelled files and I know how
> to get them labelled correctly. But I need to be able to make a new source
> rpm based on the fedora selinux src rpm, including the necessary changes, so
> I can distribute and maintain the policy over time.
>
> I can execute "rpmbuild -bp SPECS/selinux-policy.spec" to generate the
> fedora patched policy source in the BUILD directory. Then I can make my
> changes there. But I need to be able to regenerate the src rpm including
> those changes. And I need to be able to maintain this over time as the
> reference policy evolves, by dropping in a new reference policy tgz and
> regenerating the patch files. Surely there's a better way than "vi
> policy-F12.patch"!
>
> I presume there are tools / scripts / instructions to help with this. Can
> someone point me in the right direction?
>
> Thanks!
>
>
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
If the alternative labels are fairly simple, why not set up file context
equivalence?

semanage fcontext -a -e /home /myhome
semanage fcontext -a -e /var/www /src/myweb

...
 
04-23-2010, 12:33 PM
Stephen Smalley
 
Building a modified selinux source rpm

On Fri, 2010-04-23 at 07:15 -0400, Alan Rouse wrote:
> I'm trying to get selinux working in a different linux distribution
> where the directory structure differs from the fedora / redhat
> pattern. I'm attempting to use the fedora selinux src rpm as a
> starting point, but of course lots of files are being labelled
> incorrectly due to the directory differences. I can identify the
> incorrectly labelled files and I know how to get them labelled
> correctly. But I need to be able to make a new source rpm based on
> the fedora selinux src rpm, including the necessary changes, so I can
> distribute and maintain the policy over time.
>
> I can execute "rpmbuild -bp SPECS/selinux-policy.spec" to generate
> the fedora patched policy source in the BUILD directory. Then I can
> make my changes there. But I need to be able to regenerate the src
> rpm including those changes. And I need to be able to maintain this
> over time as the reference policy evolves, by dropping in a new
> reference policy tgz and regenerating the patch files. Surely
> there's a better way than "vi policy-F12.patch"!
>
> I presume there are tools / scripts / instructions to help with this.
> Can someone point me in the right direction?

Typically you'd make a copy of the serefpolicy-x.y.z directory under the
BUILD directory, modify that copy, generate a diff, and add that to
the .spec file as a further patch on top of the existing ones (not as a
replacement for them). Then use rpmbuild to regenerate the .src.rpm
with your modifications.

A quick google search found this:
http://bradthemad.org/tech/notes/patching_rpms.php

But fundamentally it isn't any different than creating a src rpm in the
first place.

Ideally you'd upstream your changes to the refpolicy, although you may
need to regenerate your patches relative to it then.

You can wrap your entries with an ifdef(`distro_xxx', `...') and build
with DISTRO=xxx to enable them so that they are only applied for that
distro.

--
Stephen Smalley
National Security Agency
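
The copy / modify / diff / add-to-spec procedure from the reply above, as an added example that is not part of the original message or of Fedora's packaging. The patch file name, the "mydistro" suffix and patch number 9000 are assumptions, x.y.z stays a placeholder as in the post, and the spec is assumed to use conventional Patch tags and %patch lines.

```shell
#!/bin/sh
# Added example, not from the thread. Names and the patch number are assumed.
#
# Intended use, from the rpmbuild top directory:
#   rpmbuild -bp SPECS/selinux-policy.spec
#   cd BUILD && cp -a serefpolicy-x.y.z serefpolicy-x.y.z.mydistro
#   (edit the copy, e.g. wrap new .fc entries in ifdef(`distro_xxx', `...'))
#   make_local_patch serefpolicy-x.y.z serefpolicy-x.y.z.mydistro \
#       ../SOURCES/policy-mydistro.patch
#   add_patch_to_spec ../SPECS/selinux-policy.spec policy-mydistro.patch 9000
#   rpmbuild -bs ../SPECS/selinux-policy.spec

# make_local_patch PRISTINE_DIR MODIFIED_DIR OUT_PATCH
# Both directories are siblings, so the result applies with -p1.
# Fails when the trees are identical (nothing to ship) or diff errors out.
make_local_patch() {
    rc=0
    diff -urN "$1" "$2" > "$3" || rc=$?   # 0 = identical, 1 = differ, 2 = error
    [ "$rc" -eq 1 ] && [ -s "$3" ]
}

# add_patch_to_spec SPEC PATCH_NAME NUMBER
# Adds the tag after the last existing Patch tag and the apply step after the
# last existing %patch line, so the change lands on top of the existing patches
# instead of replacing them.
add_patch_to_spec() {
    spec=$1 name=$2 num=$3
    if grep -q "^Patch$num:" "$spec"; then return 1; fi   # number already used
    awk -v name="$name" -v num="$num" '
        { line[NR] = $0 }
        tolower($0) ~ /^patch[0-9]*:/ { tag = NR }
        /^%patch/                     { apply = NR }
        END {
            if (!tag || !apply) exit 1     # no anchor: edit the spec by hand
            for (i = 1; i <= NR; i++) {
                print line[i]
                if (i == tag)   print "Patch" num ": " name
                if (i == apply) print "%patch -P " num " -p1"
            }
        }' "$spec" > "$spec.new" || { rm -f "$spec.new"; return 1; }
    mv "$spec.new" "$spec"
}
```

When a new reference policy tarball is dropped in, rerun the prep step, reapply the local patch to a fresh copy, and regenerate it with make_local_patch so it stays relative to the current Fedora patches.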

 
