about a new policy file in SELinux!
Colin Walters
walters at redhat.com
Wed Aug 4 20:12:26 UTC 2004
On Thu, 2004-08-05 at 00:31 +0430, Sajed Miremadi wrote:
> Hi,
>
> I have asked this question several times before but haven't got the answer
> I really want.
> I'll ask it again but more clearly:
> Does anybody ever write a new policy file except those which is defult in
> selinux(I mean those in /etc/security/selinux/src/policy/domains/program).
Yes, of course.
> When I say a policy file I mean the files with ".te". For example there
> are some for "ping","innd","tcpdump" and ... .
> If someone has a .te file with this condition, I would be very glad if
> he/she could send me that.
Every time someone posts a new .te file to selinux at tycho.nsa.gov, like
Russell's postgrey policy, they are in that condition.
I think the problem you are running into is that you need a .fc file
corresponding to each .te file in order for the .te file to be enabled.
For example, if you create domains/program/myprogram.te, you need to
also create file_contexts/program/myprogram.fc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20040804/2a39bef2/attachment.sig>
More information about the fedora-selinux-list
mailing list