On Thu, 2006-09-21 at 10:26 +0800, Benjamin Tsai wrote:
sorry I didn't make myself clear ... enough.
Me thought if I want to build and load my own policy successfully, I
should "feel" and confirm that the build path works on my box in
advance.
I shall have a valid .te file, and with that, I can compile/load it
without errors and see it working correctly. That's why I start with
audit2allow, it's merely a test for me. =)
That's fine, but I'm still not clear - do you want strict policy or not?
If your goal was just to write policy for your own daemon, you can do
that while staying with targeted policy, and just write a policy module
for your daemon.
As for the warning, yes I did see my module installed through
semodule
-l. However, why is the warning? It's fc5 in my box, instead of debian,
surely I don't have dpkg installed. Besides, I checked with semodule and
didn't see dpkg. It's so weird to see a warning of something I don't
have.
semodule -l doesn't list dpkg?
Then I'm confused. I agree it shouldn't be included in the Fedora
policy; that was likely just an oversight.
--
Stephen Smalley
National Security Agency