EL6 reference policy sources?
I believe tresys had been hosting sources for reference policies on different
linux platforms, which is not the case anymore. This ML is the closest thing to a help - which package contains sources for all the .pp modules coming as part of "targeted" policy implementation on EL6? I tried to install most of SELinux-related *-devel packages with no success (only got .fi files, but not the .te)? Should I be downloading SRPMs ? -- Dmitry Makovey Web Systems Administrator Athabasca University (780) 675-6245 --- Confidence is what you have before you understand the problem Woody Allen When in trouble when in doubt run in circles scream and shout http://www.wordwizard.com/phpbb3/viewtopic.php?f=16&t=19330 -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
EL6 reference policy sources?
On Wed, 2012-02-01 at 14:51 -0700, Dmitry Makovey wrote:
> I believe tresys had been hosting sources for reference policies on different > linux platforms, which is not the case anymore. This ML is the closest thing > to a help - which package contains sources for all the .pp modules coming as > part of "targeted" policy implementation on EL6? I tried to install most of > SELinux-related *-devel packages with no success (only got .fi files, but not > the .te)? Should I be downloading SRPMs ? If you want to see the source for the installed policy then indeed you would download the source rpm corresponding to the rpm that you have installed for selinux-policy-targeted. After that you can extract the rpm (alter click on the package and select "extract here" or use the command line tools to extract the source rpms). Also extract the serefpolicy.tgz file that was extracted from the source rpm. Then you would also prep the source by applying the enclose redhat patches. After the patches are applied, you can browse the source policy that is in the serefpolicy directory. I hope this helps > -- > selinux mailing list > selinux@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/selinux -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
EL6 reference policy sources?
On 2/1/2012 5:00 PM, Dominick Grift wrote:
On Wed, 2012-02-01 at 14:51 -0700, Dmitry Makovey wrote: I believe tresys had been hosting sources for reference policies on different linux platforms, which is not the case anymore. This ML is the closest thing to a help - which package contains sources for all the .pp modules coming as part of "targeted" policy implementation on EL6? I tried to install most of SELinux-related *-devel packages with no success (only got .fi files, but not the .te)? Should I be downloading SRPMs ? If you want to see the source for the installed policy then indeed you would download the source rpm corresponding to the rpm that you have installed for selinux-policy-targeted. After that you can extract the rpm (alter click on the package and select "extract here" or use the command line tools to extract the source rpms). Also extract the serefpolicy.tgz file that was extracted from the source rpm. Then you would also prep the source by applying the enclose redhat patches. After the patches are applied, you can browse the source policy that is in the serefpolicy directory. I hope this helps -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux An easier way than extracting and patching by hand would be to do this rpm -ihv <policy-source-rpm>.src.rpm cd ~/rpmbuild/SPECS rpmbuild -bp <SPECFILE> #build prep <bp> Once you've done that the ~/rpmbuild/BUILD directory should contain directory with an extracted and patched tree based on the spec file name. Dave -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
EL6 reference policy sources?
On February 1, 2012 20:37:05 Dave Quigley wrote:
> An easier way than extracting and patching by hand would be to do this > > rpm -ihv <policy-source-rpm>.src.rpm > cd ~/rpmbuild/SPECS > rpmbuild -bp <SPECFILE> #build prep <bp> ok, so it sounds like SRPM is the only way to get those... I'm familiar with those, just didn't want to 'build" hoped for something online/system-wide I can share with other sysadmins as a reference, oh well (yes I know I can make a copy system-wide, but there's a lot of "manual" in keeping it up-to-date ;) ... Now I have tried: $ sudo yumdownloader --disableplugin=protectbase,cpacman_yum --source selinux- policy-3.7.19-93.el6_1.7 Loaded plugins: rhnplugin Enabling epel-source repository No source RPM found for selinux-policy-3.7.19-93.el6_1.7.noarch Nothing to download same happens when I omit the version from the request. Does anybody know whether there is an "easy" way of doing it other than RHN/Google/RPMFind ? ( I do realize it's a question for a different ML, but just in case somebody has a "quick" answer handy ;) > > Once you've done that the ~/rpmbuild/BUILD directory should contain > directory with an extracted and patched tree based on the spec file name. > Dave -- Dmitry Makovey Web Systems Administrator Athabasca University (780) 675-6245 --- Confidence is what you have before you understand the problem Woody Allen When in trouble when in doubt run in circles scream and shout http://www.wordwizard.com/phpbb3/viewtopic.php?f=16&t=19330 -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
EL6 reference policy sources?
On Thu, 2012-02-02 at 09:59 -0700, Dmitry Makovey wrote:
> On February 1, 2012 20:37:05 Dave Quigley wrote: > > An easier way than extracting and patching by hand would be to do this > > > > rpm -ihv <policy-source-rpm>.src.rpm > > cd ~/rpmbuild/SPECS > > rpmbuild -bp <SPECFILE> #build prep <bp> > > ok, so it sounds like SRPM is the only way to get those... I'm familiar with > those, just didn't want to 'build" hoped for something online/system-wide I > can share with other sysadmins as a reference, oh well (yes I know I can make > a copy system-wide, but there's a lot of "manual" in keeping it up-to-date ;) > ... Now I have tried: > > $ sudo yumdownloader --disableplugin=protectbase,cpacman_yum --source selinux- > policy-3.7.19-93.el6_1.7 > Loaded plugins: rhnplugin > Enabling epel-source repository > No source RPM found for selinux-policy-3.7.19-93.el6_1.7.noarch > Nothing to download > > same happens when I omit the version from the request. Does anybody know > whether there is an "easy" way of doing it other than RHN/Google/RPMFind ? ( I > do realize it's a question for a different ML, but just in case somebody has a > "quick" answer handy ;) ftp://ftp.redhat.com/redhat/linux/enterprise/6Server/en/os/SRPMS/selinux-policy-3.7.19-93.el6_1.7.src.rpm > > > > Once you've done that the ~/rpmbuild/BUILD directory should contain > > directory with an extracted and patched tree based on the spec file name. > > Dave > > > -- > selinux mailing list > selinux@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/selinux -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
EL6 reference policy sources?
On February 2, 2012 18:26:13 Dominick Grift wrote:
> > $ sudo yumdownloader --disableplugin=protectbase,cpacman_yum --source > > selinux-policy-3.7.19-93.el6_1.7 > > Loaded plugins: rhnplugin > > Enabling epel-source repository > > No source RPM found for selinux-policy-3.7.19-93.el6_1.7.noarch > > Nothing to download > > > > same happens when I omit the version from the request. Does anybody know > > whether there is an "easy" way of doing it other than > > RHN/Google/RPMFind ? ( I do realize it's a question for a different ML, > > but just in case somebody has a "quick" answer handy ;) > > > ftp://ftp.redhat.com/redhat/linux/enterprise/6Server/en/os/SRPMS/selinux-pol > icy-3.7.19-93.el6_1.7.src.rpm in other words - "no" :) thanks for the help though, through rebuilding package I have discovered that there's selinux-policy-doc file (BTW - is it me or is it a strange suffix? I though everything else used -docs suffix, no?) Abovementioned file has some HTML reference of most of the tunables and other things I can use building my own policies. -- Dmitry Makovey Web Systems Administrator Athabasca University (780) 675-6245 --- Confidence is what you have before you understand the problem Woody Allen When in trouble when in doubt run in circles scream and shout http://www.wordwizard.com/phpbb3/viewtopic.php?f=16&t=19330 -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
EL6 reference policy sources?
On Thu, 2012-02-02 at 12:04 -0700, Dmitry Makovey wrote:
> in other words - "no" :) thanks for the help though, through rebuilding > package I have discovered that there's selinux-policy-doc file (BTW - is it me > or is it a strange suffix? I though everything else used -docs suffix, no?) > Abovementioned file has some HTML reference of most of the tunables and other > things I can use building my own policies. > eclipse-slide eclipse plugin is nicer imho. It is pretty easy to port to el6 as well. basically just use fedora14 eclipse-slide srpm to rpmbuild --rebuild it on el6 (also a few dependencies would need the same treatment but theyre also available from fedora) these vids have a least some intro to eclipse-slide: https://www.youtube.com/watch?v=s4EyoW_7riQ https://www.youtube.com/watch?v=x2soA3CD2pY&feature=plcp&context=C3927bd3U DOEgsToPDskIl3xy3igroKtda2G7mZQFI -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
EL6 reference policy sources?
On February 2, 2012 20:32:57 Dominick Grift wrote:
> On Thu, 2012-02-02 at 12:04 -0700, Dmitry Makovey wrote: > > in other words - "no" :) thanks for the help though, through rebuilding > > package I have discovered that there's selinux-policy-doc file (BTW - is > > it me or is it a strange suffix? I though everything else used -docs > > suffix, no?) Abovementioned file has some HTML reference of most of the > > tunables and other things I can use building my own policies. > > eclipse-slide eclipse plugin is nicer imho. > It is pretty easy to port to el6 as well. basically just use fedora14 > eclipse-slide srpm to rpmbuild --rebuild it on el6 (also a few > dependencies would need the same treatment but theyre also available > from fedora) thanks for sharing this. My workstation is F16 so I get all the goodies and no headache of backporting to EL6, the drawback is that to really test things I have to do it on the server. > these vids have a least some intro to eclipse-slide: > > https://www.youtube.com/watch?v=s4EyoW_7riQ > https://www.youtube.com/watch?v=x2soA3CD2pY&feature=plcp&context=C3927bd3U DO > EgsToPDskIl3xy3igroKtda2G7mZQFI nice, thanks! -- Dmitry Makovey Web Systems Administrator Athabasca University (780) 675-6245 --- Confidence is what you have before you understand the problem Woody Allen When in trouble when in doubt run in circles scream and shout http://www.wordwizard.com/phpbb3/viewtopic.php?f=16&t=19330 -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
| All times are GMT. The time now is 07:21 AM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.