On Thu, 28 Apr 2005 10:20:55 +0200, Davide Bolcioni wrote:
> That's part of what I would be looking for. How would I find out about the
> policies in effect?

You can review their sources.

> The initial goal is compatibility: ship a possibly distribution-specific
> package which works regardless of whether the customer uses no selinux,
> the targeted policy or the strict policy. Making it policy-specific
> would be ugly, as I would get a combinatorial explosion of .rpm packages
> to ship.

OK. What exactly broke your app? Targeted isn't supposed to interfere
with most programs (except that sometimes that doesn't seem to be the
case, I'm still researching this too!). So you should be able to ignore
that. It may be that the shlib_textrel_t thing got you, so far that's the
only part of targeted I know about which isn't actually backwards
compatible.

As for strict policy, well I don't know what the default there is. I guess
the default is "deny everything" so every program needs policy to work but
I don't know for sure. I don't think many people run strict right now
though.

Until binary policy is implemented though I am not sure you can ship
policy in RPMs. It has to be in the central policy as a patch and you can
then mark the files with the right contexts. You (hopefully) shouldn't
need any custom policy though.

thanks -mike