Locally defined file contexts
Russell Coker
russell at coker.com.au
Mon Apr 19 13:13:04 UTC 2004
On Fri, 16 Apr 2004 09:02, Gene Czarcinski <gene at czarc.net> wrote:
> > If you put an _additional_ file into the appropriate directory, it
> > should be picked up by the make scripts and will not be overwritten by
> > upgrades. For example, I have
> > /etc/security/selinux/src/policy/domains/misc/local.te for local policy
> > add-ons and /etc/security/selinux/src/policy/file_contexts/misc/local.fc
> > for local file_contexts add-ons.
>
> Yes, just what I am looking for.
>
> Perhaps it should be named "local" rather than "misc" but for now it
> exists.
domains/misc and file_contexts/misc are not necessarily for local
customisations, they are for files without a match.

For every .te file in domains/program there must be a matching .fc file in
file_contexts/program (or you can't build the file_contexts file). Any .fc
file in file_contexts/program that does not have a matching .te file will not
be used.

So if you have a .fc file with no matching .te file or a .te with no
matching .fc then you have to put it in a misc directory.

For a file you create yourself use a name like local.te or custom.te that is
not likely to be used in any distributed policy.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
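
The pairing rule described in the message above can be checked before a policy build. The script below is an added example, not part of the original message or of the policy package: it reports .te files in domains/program with no .fc partner and .fc files in file_contexts/program with no .te partner. The directory layout comes from the message; the `POLICY_SRC` variable and the sample file names are assumptions made for illustration.

```shell
#!/bin/sh
# check_policy_pairs POLICY_SRC_DIR
# Prints one line per mismatch; returns 1 if any mismatch is found.
check_policy_pairs() {
    src=$1
    te_dir=$src/domains/program
    fc_dir=$src/file_contexts/program
    rc=0

    # A .te with no matching .fc: the file_contexts file cannot be built.
    for te in "$te_dir"/*.te; do
        [ -e "$te" ] || continue          # glob matched nothing
        name=$(basename "$te" .te)
        if [ ! -e "$fc_dir/$name.fc" ]; then
            echo "missing-fc $name"
            rc=1
        fi
    done

    # A .fc with no matching .te: it will not be used.
    for fc in "$fc_dir"/*.fc; do
        [ -e "$fc" ] || continue
        name=$(basename "$fc" .fc)
        if [ ! -e "$te_dir/$name.te" ]; then
            echo "unused-fc $name"
            rc=1
        fi
    done
    return $rc
}

# make_sample_tree DIR: constructed sample layout (file names are made up).
make_sample_tree() {
    mkdir -p "$1/domains/program" "$1/domains/misc" \
             "$1/file_contexts/program" "$1/file_contexts/misc"
    touch "$1/domains/program/paired.te" "$1/file_contexts/program/paired.fc"
    touch "$1/domains/program/orphan.te"          # no .fc partner
    touch "$1/file_contexts/program/stray.fc"     # no .te partner
    touch "$1/domains/misc/local.te" "$1/file_contexts/misc/local.fc"
}

# Check $POLICY_SRC (hypothetical variable) if set, else a constructed sample.
if [ -n "${POLICY_SRC:-}" ]; then
    check_policy_pairs "$POLICY_SRC"
else
    demo=$(mktemp -d)
    make_sample_tree "$demo"
    check_policy_pairs "$demo" || true
    rm -rf "$demo"
fi
```

Files under the misc directories are never flagged, since the rule applies only to the program directories; anything the script reports is a candidate for moving to misc.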