How do you expose a policy interface?

Nathan Kinder nkinder at redhat.com
Thu Oct 8 18:08:01 UTC 2009


On 10/08/2009 10:47 AM, Dominick Grift wrote:
> On Thu, Oct 08, 2009 at 09:19:21AM -0700, Nathan Kinder wrote:
>    
>> I'm writing two policy modules for two separate packages
>> (389-ds-base and 389-admin).  I would like to expose some macros via
>> an interface from my dirsrv policy for use by the dirsrv-admin
>> policy.  I have defined an interface in my dirsrv.if file and built
>> and installed the dirsrv policy module.  Apparently, this doesn't
>> expose the interface as I get an error when building my dirsrv-admin
>> policy that indicates that it doesn't know anything about my new
>> interface.
>>      
> Make sure that both source policies are in the same directory. For example I put all my .te, .if and .fc files in ~/modules
> Then build the source policy modules: cd ~/modules; make -f /usr/share/selinux/devel/Makefile
>
> Finally install them: semodule -i ~/modules/*.pp
>
> This works for me.
>    
The source for these two modules is installed in two different git 
repositories, and I'd prefer to keep them separate and be able to build 
them standalone.

I've found that I can place my .if file in 
/usr/share/selinux/devel/include/services and it will be located when 
building the second policy module, but I'm guessing it's not really 
proper for me to install it there.

Is there some sort of include path for interface files that can be set 
at policy module build time?  I'd be fine with having a 
"389-ds-base-selinux-devel" package that installs my interface file 
somewhere which could then be used when building the "389-admin-selinux" 
package.  The questions are where is there a standard place to install the 
.if file and is there a way to specify the interface include path when 
building policy?
>> What is the proper way to expose a policy interface?  Does my
>> dirsrv.if file need to be installed on the system somewhere
>> specific?
>>
>> Thanks,
>> -NGK
>>
>> --
>> fedora-selinux-list mailing list
>> fedora-selinux-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>      
