custom selinux policy

Daniel J Walsh dwalsh at redhat.com
Tue Nov 29 20:16:34 UTC 2005


Laurent Jacquot wrote:
> On mar, 2005-11-29 at 11:32 -0500, Daniel J Walsh wrote:
>   
>> Laurent Jacquot wrote:
>>     
>>> Hello,
>>> I can no longer build my custom selinux policy with recent upgrades (SE
>>> policy source replaced with SE policy).
>>> What is the new way (used to be make reload)?
>>>
>>> tx in advance
>>> 	jk
>>>
>>>   
>>>       
>> You need to use loadable modules.  Take a look at the man page for 
>> audit2allow, for some explanation.  I don't know if we have a good 
>> description available yet for loadable policy.
>>
>> The hardest part of converting your local.te into a loadable module will 
>> be writing the require section.
>> You need to define all types, classes and roles in this section in order 
>> to get the loadable module.
>> ==================================================================================
>>        module local 1.0;
>>
>>        require {
>>                role system_r;
>>
>>                class fifo_file {  getattr ioctl };
>>
>>                type cupsd_config_t;
>>                type unconfined_t;
>>         };
>>
>>        allow cupsd_config_t unconfined_t:fifo_file { getattr ioctl };
>> ==================================================================================
>>
>> -- 
>>     
> Thanks a lot for this info.
> BTW the audit2allow (policycoreutils-1.27.29-1) manpage isn't updated
> regarding the module stuff. Hopefully, the -M option is verbose
>
> Would you mind shedding some light on the new file context definition? (used
> to be local.fc)
>
> Laurent
>
>
>
>   
manpage looks correct on my machine?

File context file should be the same.

checkmodule -M -m -o /tmp/local.mod /tmp/local.te
semodule_package -o /tmp/local.pp -m /tmp/local.mod -f /tmp/local.fc
-- 
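The require section that Dan calls the hardest part of the conversion can be generated from the allow rules themselves. The script below is an added example, not code from the thread and not audit2allow: it scans the allow rules of a local.te, collects every type, class and permission they reference, and emits a module with a require block in the same shape as the one quoted above. It assumes rules use the plain `allow src tgt:class perms;` form, that every referenced identifier the module does not declare itself is a type (an attribute would have to be listed as `attribute` instead), and that the `roles` parameter names the roles the module uses.

```python
import re

# Matches: allow <src> <tgt>:<class> <perm> ;  or  allow <src> <tgt>:<class> { p1 p2 } ;
ALLOW_RE = re.compile(
    r"^\s*allow\s+(\S+)\s+(\S+?):(\S+)\s+(\{[^}]*\}|\S+)\s*;",
    re.MULTILINE,
)
# Types the module declares itself; these must not appear in require.
TYPE_DECL_RE = re.compile(r"^\s*type\s+(\w+)\s*;", re.MULTILINE)


def collect_requirements(rules_te):
    """Return (types, {class: set(perms)}) referenced by allow rules in rules_te."""
    declared = set(TYPE_DECL_RE.findall(rules_te))
    types, classes = set(), {}
    for src, tgt, cls, perms in ALLOW_RE.findall(rules_te):
        for t in (src, tgt):
            if t != "self" and t not in declared:   # 'self' is a keyword, not a type
                types.add(t)
        # "{ getattr ioctl }" and "signal" both reduce to a list of permissions
        classes.setdefault(cls, set()).update(perms.strip("{} ").split())
    return types, classes


def build_module(name, version, rules_te, roles=("system_r",)):
    """Emit a complete loadable-module .te: header, require block, then the rules."""
    types, classes = collect_requirements(rules_te)
    out = [f"module {name} {version};", "", "require {"]
    for r in roles:                      # roles are an assumption, not parsed from rules
        out.append(f"\trole {r};")
    out.append("")
    for cls in sorted(classes):
        out.append(f"\tclass {cls} {{ {' '.join(sorted(classes[cls]))} }};")
    out.append("")
    for t in sorted(types):
        out.append(f"\ttype {t};")
    out += ["};", "", rules_te.strip(), ""]
    return "\n".join(out)


if __name__ == "__main__":
    # Constructed input: the single rule from the example above
    SAMPLE = "allow cupsd_config_t unconfined_t:fifo_file { getattr ioctl };\n"
    print(build_module("local", "1.0", SAMPLE))
```

The printed module can be fed to the checkmodule / semodule_package commands above unchanged.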