Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora SELinux Support (http://www.linux-archive.org/fedora-selinux-support/)
-   -   EL6 reference policy sources? (http://www.linux-archive.org/fedora-selinux-support/627916-el6-reference-policy-sources.html)

Dmitry Makovey 02-01-2012 08:51 PM

EL6 reference policy sources?
 
I believe tresys had been hosting sources for reference policies on different
linux platforms, which is not the case anymore. This ML is the closest thing
to a help - which package contains sources for all the .pp modules coming as
part of "targeted" policy implementation on EL6? I tried to install most of
SELinux-related *-devel packages with no success (only got .fi files, but not
the .te)? Should I be downloading SRPMs ?

--
Dmitry Makovey
Web Systems Administrator
Athabasca University
(780) 675-6245
---
Confidence is what you have before you understand the problem
Woody Allen

When in trouble when in doubt run in circles scream and shout
http://www.wordwizard.com/phpbb3/viewtopic.php?f=16&t=19330
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Dominick Grift 02-01-2012 09:00 PM

EL6 reference policy sources?
 
On Wed, 2012-02-01 at 14:51 -0700, Dmitry Makovey wrote:
> I believe tresys had been hosting sources for reference policies on different
> linux platforms, which is not the case anymore. This ML is the closest thing
> to a help - which package contains sources for all the .pp modules coming as
> part of "targeted" policy implementation on EL6? I tried to install most of
> SELinux-related *-devel packages with no success (only got .fi files, but not
> the .te)? Should I be downloading SRPMs ?

If you want to see the source for the installed policy then indeed you
would download the source rpm corresponding to the rpm that you have
installed for selinux-policy-targeted.

After that you can extract the rpm (alter click on the package and
select "extract here" or use the command line tools to extract the
source rpms). Also extract the serefpolicy.tgz file that was extracted
from the source rpm. Then you would also prep the source by applying the
enclose redhat patches.

After the patches are applied, you can browse the source policy that is
in the serefpolicy directory.

I hope this helps

> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux


--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Dave Quigley 02-02-2012 12:37 AM

EL6 reference policy sources?
 
On 2/1/2012 5:00 PM, Dominick Grift wrote:

On Wed, 2012-02-01 at 14:51 -0700, Dmitry Makovey wrote:

I believe tresys had been hosting sources for reference policies on different
linux platforms, which is not the case anymore. This ML is the closest thing
to a help - which package contains sources for all the .pp modules coming as
part of "targeted" policy implementation on EL6? I tried to install most of
SELinux-related *-devel packages with no success (only got .fi files, but not
the .te)? Should I be downloading SRPMs ?


If you want to see the source for the installed policy then indeed you
would download the source rpm corresponding to the rpm that you have
installed for selinux-policy-targeted.

After that you can extract the rpm (alter click on the package and
select "extract here" or use the command line tools to extract the
source rpms). Also extract the serefpolicy.tgz file that was extracted
from the source rpm. Then you would also prep the source by applying the
enclose redhat patches.

After the patches are applied, you can browse the source policy that is
in the serefpolicy directory.

I hope this helps


--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux



--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux


An easier way than extracting and patching by hand would be to do this

rpm -ihv <policy-source-rpm>.src.rpm
cd ~/rpmbuild/SPECS
rpmbuild -bp <SPECFILE> #build prep <bp>

Once you've done that the ~/rpmbuild/BUILD directory should contain
directory with an extracted and patched tree based on the spec file name.

Dave
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Dmitry Makovey 02-02-2012 03:59 PM

EL6 reference policy sources?
 
On February 1, 2012 20:37:05 Dave Quigley wrote:
> An easier way than extracting and patching by hand would be to do this
>
> rpm -ihv <policy-source-rpm>.src.rpm
> cd ~/rpmbuild/SPECS
> rpmbuild -bp <SPECFILE> #build prep <bp>

ok, so it sounds like SRPM is the only way to get those... I'm familiar with
those, just didn't want to 'build" hoped for something online/system-wide I
can share with other sysadmins as a reference, oh well (yes I know I can make
a copy system-wide, but there's a lot of "manual" in keeping it up-to-date ;)
... Now I have tried:

$ sudo yumdownloader --disableplugin=protectbase,cpacman_yum --source selinux-
policy-3.7.19-93.el6_1.7
Loaded plugins: rhnplugin
Enabling epel-source repository
No source RPM found for selinux-policy-3.7.19-93.el6_1.7.noarch
Nothing to download

same happens when I omit the version from the request. Does anybody know
whether there is an "easy" way of doing it other than RHN/Google/RPMFind ? ( I
do realize it's a question for a different ML, but just in case somebody has a
"quick" answer handy ;)

>
> Once you've done that the ~/rpmbuild/BUILD directory should contain
> directory with an extracted and patched tree based on the spec file name.
> Dave


--
Dmitry Makovey
Web Systems Administrator
Athabasca University
(780) 675-6245
---
Confidence is what you have before you understand the problem
Woody Allen

When in trouble when in doubt run in circles scream and shout
http://www.wordwizard.com/phpbb3/viewtopic.php?f=16&t=19330
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Dominick Grift 02-02-2012 04:26 PM

EL6 reference policy sources?
 
On Thu, 2012-02-02 at 09:59 -0700, Dmitry Makovey wrote:
> On February 1, 2012 20:37:05 Dave Quigley wrote:
> > An easier way than extracting and patching by hand would be to do this
> >
> > rpm -ihv <policy-source-rpm>.src.rpm
> > cd ~/rpmbuild/SPECS
> > rpmbuild -bp <SPECFILE> #build prep <bp>
>
> ok, so it sounds like SRPM is the only way to get those... I'm familiar with
> those, just didn't want to 'build" hoped for something online/system-wide I
> can share with other sysadmins as a reference, oh well (yes I know I can make
> a copy system-wide, but there's a lot of "manual" in keeping it up-to-date ;)
> ... Now I have tried:
>
> $ sudo yumdownloader --disableplugin=protectbase,cpacman_yum --source selinux-
> policy-3.7.19-93.el6_1.7
> Loaded plugins: rhnplugin
> Enabling epel-source repository
> No source RPM found for selinux-policy-3.7.19-93.el6_1.7.noarch
> Nothing to download
>
> same happens when I omit the version from the request. Does anybody know
> whether there is an "easy" way of doing it other than RHN/Google/RPMFind ? ( I
> do realize it's a question for a different ML, but just in case somebody has a
> "quick" answer handy ;)

ftp://ftp.redhat.com/redhat/linux/enterprise/6Server/en/os/SRPMS/selinux-policy-3.7.19-93.el6_1.7.src.rpm

> >
> > Once you've done that the ~/rpmbuild/BUILD directory should contain
> > directory with an extracted and patched tree based on the spec file name.
> > Dave
>
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux


--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Dmitry Makovey 02-02-2012 06:04 PM

EL6 reference policy sources?
 
On February 2, 2012 18:26:13 Dominick Grift wrote:
> > $ sudo yumdownloader --disableplugin=protectbase,cpacman_yum --source
> > selinux-policy-3.7.19-93.el6_1.7
> > Loaded plugins: rhnplugin
> > Enabling epel-source repository
> > No source RPM found for selinux-policy-3.7.19-93.el6_1.7.noarch
> > Nothing to download
> >
> > same happens when I omit the version from the request. Does anybody know
> > whether there is an "easy" way of doing it other than
> > RHN/Google/RPMFind ? ( I do realize it's a question for a different ML,
> > but just in case somebody has a "quick" answer handy ;)
>
>
> ftp://ftp.redhat.com/redhat/linux/enterprise/6Server/en/os/SRPMS/selinux-pol
> icy-3.7.19-93.el6_1.7.src.rpm

in other words - "no" :) thanks for the help though, through rebuilding
package I have discovered that there's selinux-policy-doc file (BTW - is it me
or is it a strange suffix? I though everything else used -docs suffix, no?)
Abovementioned file has some HTML reference of most of the tunables and other
things I can use building my own policies.

--
Dmitry Makovey
Web Systems Administrator
Athabasca University
(780) 675-6245
---
Confidence is what you have before you understand the problem
Woody Allen

When in trouble when in doubt run in circles scream and shout
http://www.wordwizard.com/phpbb3/viewtopic.php?f=16&t=19330
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Dominick Grift 02-02-2012 06:32 PM

EL6 reference policy sources?
 
On Thu, 2012-02-02 at 12:04 -0700, Dmitry Makovey wrote:

> in other words - "no" :) thanks for the help though, through rebuilding
> package I have discovered that there's selinux-policy-doc file (BTW - is it me
> or is it a strange suffix? I though everything else used -docs suffix, no?)
> Abovementioned file has some HTML reference of most of the tunables and other
> things I can use building my own policies.
>

eclipse-slide eclipse plugin is nicer imho.
It is pretty easy to port to el6 as well. basically just use fedora14
eclipse-slide srpm to rpmbuild --rebuild it on el6 (also a few
dependencies would need the same treatment but theyre also available
from fedora)

these vids have a least some intro to eclipse-slide:

https://www.youtube.com/watch?v=s4EyoW_7riQ
https://www.youtube.com/watch?v=x2soA3CD2pY&feature=plcp&context=C3927bd3U DOEgsToPDskIl3xy3igroKtda2G7mZQFI

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

Dmitry Makovey 02-02-2012 07:17 PM

EL6 reference policy sources?
 
On February 2, 2012 20:32:57 Dominick Grift wrote:
> On Thu, 2012-02-02 at 12:04 -0700, Dmitry Makovey wrote:
> > in other words - "no" :) thanks for the help though, through rebuilding
> > package I have discovered that there's selinux-policy-doc file (BTW - is
> > it me or is it a strange suffix? I though everything else used -docs
> > suffix, no?) Abovementioned file has some HTML reference of most of the
> > tunables and other things I can use building my own policies.
>
> eclipse-slide eclipse plugin is nicer imho.
> It is pretty easy to port to el6 as well. basically just use fedora14
> eclipse-slide srpm to rpmbuild --rebuild it on el6 (also a few
> dependencies would need the same treatment but theyre also available
> from fedora)

thanks for sharing this. My workstation is F16 so I get all the goodies and no
headache of backporting to EL6, the drawback is that to really test things I
have to do it on the server.

> these vids have a least some intro to eclipse-slide:
>
> https://www.youtube.com/watch?v=s4EyoW_7riQ
> https://www.youtube.com/watch?v=x2soA3CD2pY&feature=plcp&context=C3927bd3U DO
> EgsToPDskIl3xy3igroKtda2G7mZQFI

nice, thanks!

--
Dmitry Makovey
Web Systems Administrator
Athabasca University
(780) 675-6245
---
Confidence is what you have before you understand the problem
Woody Allen

When in trouble when in doubt run in circles scream and shout
http://www.wordwizard.com/phpbb3/viewtopic.php?f=16&t=19330
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux


All times are GMT. The time now is 02:35 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.