Is there a SELinux tutorial for ISVs?

Mike Hearn mike at navi.cx
Thu Apr 28 13:54:41 UTC 2005


On Thu, 28 Apr 2005 10:20:55 +0200, Davide Bolcioni wrote:
> That's part of what I would be looking for. How would I find out about the
> policies in effect?

You can review their sources.

> The initial goal is compatibility: ship a possibly distribution-specific
> package which works regardless of whether the customer uses no selinux,
> the targeted policy or the strict policy. Making it policy-specific
> would be ugly, as I would get a combinatorial explosion of .rpm packages
> to ship.

OK. What exactly broke your app? Targeted isn't supposed to interfere
with most programs (except that sometimes that doesn't seem to be the
case, I'm still researching this too!). So you should be able to ignore
that. It may be that the shlib_textrel_t thing got you; so far that's the
only part of targeted I know about which isn't actually backwards
compatible.

As for strict policy, well I don't know what the default there is. I guess
the default is "deny everything" so every program needs policy to work but
I don't know for sure. I don't think many people run strict right now
though.

Until binary policy is implemented though I am not sure you can ship
policy in RPMs. It has to be in the central policy as a patch and you can
then mark the files with the right contexts. You (hopefully) shouldn't
need any custom policy though.

thanks -mike



