"SELinux insides" blog - selinux - Fedora Mailing-Lists

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

"SELinux insides" blog

'su' in a Docker container -> AVC

New issue with Fedora 22

Miroslav Grepl

Monday, 15 June 2015 Mon, 15 Jun '15

12:46 p.m.

Hello, Yesterday I started with a new blog set called "SELinux insides". See https://mgrepl.wordpress.com/2015/06/14/selinux-insides-part1-policy-modu... Your comments, ideas are welcome. Thank you. Regards, Mirek -- Miroslav Grepl Senior Software Engineer, SELinux Solutions Red Hat, Inc.

Reply

Show replies by date

Marko Rauhamaa

Monday, 15 June Mon, 15 Jun

1:31 p.m.

Miroslav Grepl <mgrepl(a)redhat.com>:

Yesterday I started with a new blog set called "SELinux insides". See https://mgrepl.wordpress.com/2015/06/14/selinux-insides-part1-policy-modu... Your comments, ideas are welcome.

Interesting, keep it coming. You abbreviate the path: .te ---checkmodule---> .mod In practice, it is: .te ---make +----> .mod | | +----m4----checkmodule---+ (It might have been a better idea to give a different extension to the te-with-m4-macros files. You can't give those .te files to checkmodule) Where's the plain .te file format documented, BTW? "Man checkmodule" doesn't give it. Examples abound but I can't seem to find the definitive specification (syntax and semantics). Next, where's the .te-with-m4-macros language documented? Marko

Reply

Miroslav Grepl

Tuesday, 16 June Tue, 16 Jun

11:58 a.m.

On 06/15/2015 08:31 PM, Marko Rauhamaa wrote:

Miroslav Grepl <mgrepl(a)redhat.com>: > Yesterday I started with a new blog set called "SELinux insides". > > See > > https://mgrepl.wordpress.com/2015/06/14/selinux-insides-part1-policy-modu... > > Your comments, ideas are welcome. Interesting, keep it coming. You abbreviate the path: .te ---checkmodule---> .mod In practice, it is: .te ---make +----> .mod | | +----m4----checkmodule---+ (It might have been a better idea to give a different extension to the te-with-m4-macros files. You can't give those .te files to checkmodule)

Yeap. I wanted to focus more on .pp vs. .cil and describe a module store. I will talk about it later to show advantages/disadvantages of CIL.

Where's the plain .te file format documented, BTW? "Man checkmodule" doesn't give it. Examples abound but I can't seem to find the definitive specification (syntax and semantics).

AFAIK there is "SELinux by Example" book and others with really good documentation.

Next, where's the .te-with-m4-macros language documented? Marko

-- Miroslav Grepl Senior Software Engineer, SELinux Solutions Red Hat, Inc.

Reply

Marko Rauhamaa

2:30 p.m.

Miroslav Grepl <mgrepl(a)redhat.com>:

AFAIK there is "SELinux by Example" book and others with really good documentation.

Given the amount of effort that has been put into trying to explain SELinux online, it would be nice to publish the BNF and meanings of the SELinux policy files. Not by example but by definition. Just a wish. Marko

Reply

3237

days inactive

3238

days old

selinux@lists.fedoraproject.org

Manage subscription

3 comments

2 participants

tags (0)

participants (2)

Marko Rauhamaa
Miroslav Grepl