Paul Howarth wrote:
On Fri, 2006-07-21 at 14:14 -0700, Michael Thomas wrote:
>>You should check that the transition has happened by running ps with the
>>"-Z" option to show the process context when you're running the
>>application.
>
>It shows up as crossfire_exec_t because...
crossfire_exec_t? Not crossfire_t?

You're right, it is user_u:system_r:crossfire_t.
>>>Some things that would be nice to clarify:
>>>
>>>Should selinux be added as a subpackage or automatically included in the
>>>base package?
>>
>>
>>I don't have a strong opinion either way on this. I've tended to stick
>>to keeping everything together because I find it easier to manage that
>>way. As long as the SELinux bits don't get in the way of people not
>>using them, I don't think it's a problem.
>
>I think I would prefer to use a separate package (not integrated with
>the base package), so that the policy can be turned on and off by simply
>installing/uninstalling the -selinux package.
Bear in mind that there should be a crossfire_disable_trans boolean that
would turn off the policy (or rather the transition to crossfire_t) when
set, without having to uninstall the policy.

Is it enough to add the boolean to crossfire.te, or do I need to add
anything in the .if file as well?

type crossfire_t;
type crossfire_exec_t;
domain_type(crossfire_t)
init_daemon_domain(crossfire_t, crossfire_exec_t)
bool crossfire_disable_trans;
--Mike
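
Added example, not part of the original messages: a shell check for the "ps -Z" step discussed above, which extracts the type field from each process context and tells a process that reached crossfire_t apart from one that did not transition. The sample ps output is constructed, and the command name "crossfire", the PIDs and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample in `ps -eZ` layout (LABEL PID TTY TIME CMD).
# The process name "crossfire" and the PIDs are assumptions.
sample_ps='LABEL                             PID TTY          TIME CMD
user_u:system_r:crossfire_t      2314 pts/1    00:00:02 crossfire
user_u:system_r:unconfined_t     2290 pts/1    00:00:00 bash'

# Read ps -Z output on stdin and print the type (third colon-separated
# field of the context) of every process whose CMD equals $1.
# An MLS suffix such as ":s0" after the type does not affect the result.
domain_of() {
    awk -v cmd="$1" 'NR > 1 && $NF == cmd { split($1, c, ":"); print c[3] }'
}

# Exit status: 0 if every process named $1 runs in domain $2,
#              1 if at least one runs in a different type
#                (no transition happened, or it went somewhere else),
#              2 if no process named $1 is present in the input.
check_transition() {
    types=$(domain_of "$1")
    [ -n "$types" ] || return 2
    for t in $types; do
        [ "$t" = "$2" ] || return 1
    done
    return 0
}

# On a live system: ps -eZ | check_transition crossfire crossfire_t
if printf '%s\n' "$sample_ps" | check_transition crossfire crossfire_t; then
    echo "crossfire is confined in crossfire_t"
else
    echo "crossfire is not running in crossfire_t"
fi
```

A process type ending in _exec_t would be reported as a mismatch here, since that is the label of the executable file rather than a process domain.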