Problem while writing the new policy

Klaus Weidner klaus at atsec.com
Mon Apr 3 20:48:24 UTC 2006


On Mon, Apr 03, 2006 at 08:55:54PM +0530, Suman B wrote:
> Hi,
> I am a newbie to SELinux. I would like to write a new policy and want to
> ensure that the policy is working.
> 
> I saw in some web pages that I have to write a policy file and keep it in
> /etc/selinux/src/, but there is no such directory.
> 
> What are the steps I have to follow for writing the policy? And give me a
> small example with which I can create a new policy.

Here's the method I'm using. I think making this easier would help people
who want to contribute policies...

Get and install the selinux-policy source rpm, and prepare it for build
using

  cd /usr/src/redhat
  rpmbuild -bp SPECS/selinux-policy.spec

Then change to directory /usr/src/redhat/BUILD/serefpolicy-*/, and
configure and build the policy you want, something like this (adapted
from the spec file):

  NAME="mls"
  TYPE="strict-mls"
  Args="NAME=$NAME TYPE=$TYPE DISTRO=redhat DIRECT_INITRC=n MONOLITHIC=n POLY=n"
  RPM_SOURCE_DIR=/usr/src/redhat/SOURCES
  make $Args bare
  make $Args conf
  cp -f ${RPM_SOURCE_DIR}/modules-$NAME.conf  ./policy/modules.conf
  cp -f ${RPM_SOURCE_DIR}/booleans-$NAME.conf ./policy/booleans.conf
  make $Args base.pp
  make $Args modules
  make $Args install

Be careful, installing a policy different from the one you're currently
running will require an autorelabel.

-Klaus
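
As an added example (not part of Klaus's message), a pre-install check for the autorelabel caveat above: it compares the policy NAME about to be installed with SELINUXTYPE in /etc/selinux/config. The function names are hypothetical, and treating the configured SELINUXTYPE as the running policy is an assumption, as is using the last assignment when the key appears more than once.

```shell
#!/bin/sh
# Added example: does installing policy NAME call for an autorelabel?

# Print SELINUXTYPE from an SELinux config file (default /etc/selinux/config).
# Commented-out lines are ignored; assumption: the last assignment wins.
current_policy_type() {
    conf=${1:-/etc/selinux/config}
    [ -r "$conf" ] || return 1
    sed -n 's/^[[:space:]]*SELINUXTYPE[[:space:]]*=[[:space:]]*//p' "$conf" |
        tail -n 1 | tr -d "\"' \t\r"
}

# Exit status: 0 = relabel needed (target differs from configured type),
#              1 = same type, 2 = configured type could not be determined.
relabel_needed() {
    target=$1
    current=$(current_policy_type "${2:-/etc/selinux/config}") || return 2
    [ -n "$current" ] || return 2
    [ "$target" != "$current" ]
}

# Human-readable summary to run before "make $Args install".
preinstall_check() {
    rc=0
    relabel_needed "$1" "$2" || rc=$?
    case $rc in
        0) echo "relabel: '$1' differs from the configured policy;" \
                "touch /.autorelabel before rebooting into it" ;;
        1) echo "ok: '$1' is already the configured policy" ;;
        *) echo "unknown: could not read SELINUXTYPE; assume a relabel" ;;
    esac
}

# Constructed sample config, not taken from a real host.
demo=$(mktemp)
printf '%s\n' '# constructed sample' 'SELINUX=enforcing' \
    'SELINUXTYPE=targeted' > "$demo"
preinstall_check mls "$demo"
preinstall_check targeted "$demo"
rm -f "$demo"
```

On a real system, call preinstall_check "$NAME" with no second argument so it reads /etc/selinux/config.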



