How to apply new policy exactly?

Stephen Smalley sds at tycho.nsa.gov
Thu Sep 21 14:41:46 UTC 2006


On Thu, 2006-09-21 at 10:26 +0800, Benjamin Tsai wrote:
> Sorry, I didn't make myself clear ... enough.
> I thought if I want to build and load my own policy successfully, I
> should "feel" and confirm that the build path works on my box in
> advance. 
> I shall have a valid .te file, and with that, I can compile/load it
> without errors and see it working correctly. That's why I start with
> audit2allow, it's merely a test for me.  =)

That's fine, but I'm still not clear - do you want strict policy or not?
If your goal was just to write policy for your own daemon, you can do
that while staying with targeted policy, and just write a policy module
for your daemon.

> As for the warning, yes I did see my module installed through semodule
> -l. However, why is there a warning? It's fc5 on my box, instead of Debian,
> surely I don't have dpkg installed. Besides, I checked with semodule and
> didn't see dpkg. It's so weird to see a warning about something I don't
> have. 

semodule -l doesn't list dpkg?
Then I'm confused.  I agree it shouldn't be included in the Fedora
policy; that was likely just an oversight.

-- 
Stephen Smalley
National Security Agency




More information about the fedora-selinux-list mailing list