SeLinux and mail relaying
David G. Miller
dave at davenjudy.org
Sun Jul 9 14:36:48 UTC 2006
redhatdude at bellsouth.net wrote:
>There's no local.te in my system. I'm running FC5. Also, there is no
>such rpm or anything similar in the yum repositories. Yes,
>audit2allow gave me the rules to add, two of them indeed. The problem
>now is where to add them. Any idea?
>Thanks a lot for your help, I really appreciate it.
>EJ
>
I did some googling and it looks like Red Hat/Fedora has changed the way
they package the SELinux ruleset source for FC5. It looks like you need
the source RPM for selinux-policy-targeted instead of how they packaged
things for FC4 and earlier with a separate package called
selinux-policy-targeted-sources. I guess it makes sense to just move
the source to the source RPM instead of having a separate "sources"
package; just confusing for those of us who got used to doing things the
other way.
Here's a link to the source RPM but you should also be able to get it
just using your favorite flavor of yum.
ftp://ftp.pbone.net/mirror/download.fedora.redhat.com/pub/fedora/linux/core/updates/5/SRPMS/selinux-policy-2.2.38-1.fc5.src.rpm
This file contains:
[dave at bend ~/rpm]# rpm -qlp selinux-policy-2.2.38-1.fc5.src.rpm
Makefile.devel
booleans-mls.conf
booleans-strict.conf
booleans-targeted.conf
modules-mls.conf
modules-strict.conf
modules-targeted.conf
policy-20060505.patch
policygentool
selinux-policy.spec
serefpolicy-2.2.38.tgz
setrans-mls.conf
setrans-strict.conf
setrans-targeted.conf
I'm *guessing* you'll need to unpack serefpolicy-2.2.38.tgz in an
appropriate location and then add the local policy rules as I described
earlier. Hopefully, the link from one of the other responses will
provide enough information about how to make a custom policy for FC5
although "policygentool" sounds like a likely suspect.
Sorry about the confusion.
Cheers,
Dave
--
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce
More information about the fedora-list
mailing list