Problem while writing the new policy
Klaus Weidner
klaus at atsec.com
Mon Apr 3 20:48:24 UTC 2006

On Mon, Apr 03, 2006 at 08:55:54PM +0530, Suman B wrote:
> Hi,
> I am a newbie to SELinux. I would like to write a new policy and want to
> ensure that the policy is working.
>
> I saw on some web pages that I have to write a policy file and keep it in
> /etc/selinux/src/, but there is no such directory.
>
> What are the steps I have to follow for writing the policy? And give me a
> small example with which I can create a new policy.

Here's the method I'm using. I think making this easier would help people
who want to contribute policies...

Get and install the selinux-policy source rpm, and prepare it for build
using

  cd /usr/src/redhat
  rpmbuild -bp SPECS/selinux-policy.spec

Then change to directory /usr/src/redhat/BUILD/serefpolicy-*/, and
configure and build the policy you want, something like this (adapted
from the spec file):

  NAME="mls"
  TYPE="strict-mls"
  Args="NAME=$NAME TYPE=$TYPE DISTRO=redhat DIRECT_INITRC=n MONOLITHIC=n POLY=n"
  RPM_SOURCE_DIR=/usr/src/redhat/SOURCES

  make $Args bare
  make $Args conf
  cp -f ${RPM_SOURCE_DIR}/modules-$NAME.conf ./policy/modules.conf
  cp -f ${RPM_SOURCE_DIR}/booleans-$NAME.conf ./policy/booleans.conf
  make $Args base.pp
  make $Args modules
  make $Args install

Be careful, installing a policy different from the one you're currently
running will require an autorelabel.

-Klaus
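
The autorelabel caveat above, written as a check to run before "make $Args install" (an added example, not part of Klaus's message). It assumes the policy in use is the one named by SELINUXTYPE in /etc/selinux/config and that NAME from the build is the policy about to be installed; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print the policy name set by the last uncommented SELINUXTYPE= line
# of an SELinux config file (normally /etc/selinux/config).
configured_policy() {
    sed -n 's/^[[:space:]]*SELINUXTYPE[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$1" | tail -n 1
}

# relabel_needed CONFIG NEW_NAME
#   returns 0 if NEW_NAME differs from the configured policy (relabel needed)
#   returns 1 if it is the same policy
#   returns 2 if the config is unreadable or has no SELINUXTYPE line
relabel_needed() {
    cfg=$1
    new=$2
    [ -r "$cfg" ] || return 2
    cur=$(configured_policy "$cfg")
    [ -n "$cur" ] || return 2
    [ "$cur" != "$new" ]
}

# Demo on a constructed config file (assumption: stands in for /etc/selinux/config).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample of /etc/selinux/config
SELINUX=enforcing
#SELINUXTYPE=strict
SELINUXTYPE=targeted
EOF

for name in targeted mls; do
    if relabel_needed "$sample" "$name"; then
        echo "$name: differs from configured policy; after install run: touch /.autorelabel, then reboot"
    else
        echo "$name: same as configured policy, no relabel expected"
    fi
done
rm -f "$sample"
```

On a real system, pass /etc/selinux/config as the first argument and the NAME value from the build as the second.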