custom selinux policy

Stephen Smalley sds at tycho.nsa.gov
Wed Nov 30 15:29:55 UTC 2005


On Tue, 2005-11-29 at 11:32 -0500, Daniel J Walsh wrote:
> The hardest part of converting your local.te into a loadable module will 
> be writing the require section.
> You need to define all types, class and roles in this section in order 
> to get the loadable module.

How hard would it be to add an option to audit2allow (or create a
variant script) that takes a .te file as input and generates the
requires statements for it?  You are already doing that from audit
messages, so it shouldn't be difficult to do likewise from an existing
set of allow rules.  Then people could run that to convert over their
existing local.te files into module form, and then use audit2allow -m
for subsequent additions.

That would also be nice for converting over the test policy.

-- 
Stephen Smalley
National Security Agency



