custom selinux policy
Daniel J Walsh
dwalsh at redhat.com
Wed Nov 30 15:43:02 UTC 2005
Stephen Smalley wrote:
> On Tue, 2005-11-29 at 11:32 -0500, Daniel J Walsh wrote:
>
>> The hardest part of converting your local.te into a loadable module will
>> be writing the require section.
>> You need to define all types, classes and roles in this section in order
>> to get the loadable module.
>>
>
> How hard would it be to add an option to audit2allow (or create a
> variant script) that takes a .te file as input and generates the
> requires statements for it? You are already doing that from audit
> messages, so it shouldn't be difficult to do likewise from an existing
> set of allow rules. Then people could run that to convert over their
> existing local.te files into module form, and then use audit2allow -m
> for subsequent additions.
>
> That would also be nice for converting over the test policy.
>
>
Yes, I was considering adding a new flag to take an input from a te file.
So we could parse a te file and/or an audit message and combine the
output into a new te file using reference policy format.
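
The conversion discussed in this thread, as an added sketch that is not part of the original post and is not audit2allow's code: it reads the rules in a local.te and emits the module header and require block for them. The sample rules and the names `collect` and `to_module` are hypothetical, and every source or target identifier is assumed to be a type, so an attribute would need its line changed to `attribute` by hand.

```python
import re
from collections import defaultdict

# Constructed sample of a local.te that holds only rules (no declarations).
SAMPLE_TE = """
# local customizations
allow httpd_t var_log_t:file { read getattr };
allow httpd_t self:capability net_bind_service;
allow { httpd_t named_t } var_log_t:{ file dir } getattr;
dontaudit named_t etc_t:dir search;
role system_r types httpd_t;
"""

# A field is either one identifier or a brace-enclosed set.
FIELD = r"(\{[^}]*\}|[^\s:;{}]+)"
AV_RULE = re.compile(
    r"\b(?:allow|dontaudit|auditallow)\s+" + FIELD + r"\s+" + FIELD
    + r"\s*:\s*" + FIELD + r"\s+" + FIELD + r"\s*;")
ROLE_RULE = re.compile(r"\brole\s+(\S+)\s+types\s+" + FIELD + r"\s*;")

def names(field):
    """Expand 'a' or '{ a b -c }' into a list of bare identifiers."""
    return [n.lstrip("-") for n in field.strip("{}").split()]

def collect(te_text):
    """Return (types, class -> permissions, roles) referenced by the rules."""
    text = re.sub(r"#.*", "", te_text)  # drop comments
    types, roles, classes = set(), set(), defaultdict(set)
    for src, tgt, cls, perms in AV_RULE.findall(text):
        # 'self' is a keyword for the source type, not a type to require.
        # Assumption: everything else here is a type, not an attribute.
        types.update(n for n in names(src) + names(tgt) if n != "self")
        for c in names(cls):
            classes[c].update(names(perms))
    for role, role_types in ROLE_RULE.findall(text):
        roles.add(role)
        types.update(names(role_types))
    return types, classes, roles

def to_module(te_text, name="local", version="1.0"):
    """Prefix the rules with a module header and a require block."""
    types, classes, roles = collect(te_text)
    req = [f"\ttype {t};" for t in sorted(types)]
    req += [f"\tclass {c} {{ {' '.join(sorted(p))} }};"
            for c, p in sorted(classes.items())]
    req += [f"\trole {r};" for r in sorted(roles)]
    return (f"module {name} {version};\n\nrequire {{\n"
            + "\n".join(req) + "\n}\n" + te_text)
```

The string returned by `to_module(SAMPLE_TE)` is the text of the module's .te file; permissions used against the same class in different rules are merged into one `class` line.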