Modifying local policy onn RHEL 4

Florian Lengyel lengyel at gmail.com
Wed Mar 8 23:20:10 UTC 2006 

On 3/8/06, Stephen Smalley <sds at tycho.nsa.gov> wrote:
>
> On Wed, 2006-03-08 at 12:44 -0500, Florian Lengyel wrote:
> > Is this the appropriate list to ask about modifying local Selinux
> > policies on Red Hat Enterprise Linux 4? If it is, can someone inform
> > me what i need to download in order to modify the local Selinux
> > policy? The source and tools to do this don't seem to be included in
> > my installation (following the online Red Hat documentation); perhaps
> > there are appropriate rpms to download in up2date--I don't know what
> > they are, and they do not seem to be mentioned in the online
> > documentation.
> >
> > If this is not the appropriate list, please let me know.


Thank you for this; you have jogged my memory that I am missing
precisely those sources In the /etc/selinux/targeted/policy subdirectory
[root at cml policy]# pwd
/etc/selinux/targeted/policy

There is a file called policy.18

[root at cml policy]# ls -latrs
total 348
332 -rw-r--r--  1 root root 331417 Mar  8  2005 policy.18
  8 drwxr-xr-x  4 root root   4096 Aug 25  2005 ..
  8 drwxr-xr-x  2 root root   4096 Aug 25  2005 .
[root at cml policy]#

but there is no /etc/selinux/policy/sources subdirectory

The checkpolicy command is present:

[root at cml policy]# pwd
/etc/selinux/targeted/policy
[root at cml policy]# ls -latrs
total 348
332 -rw-r--r--  1 root root 331417 Mar  8  2005 policy.18
  8 drwxr-xr-x  4 root root   4096 Aug 25  2005 ..
  8 drwxr-xr-x  2 root root   4096 Aug 25  2005 .
[root at cml policy]#

So I am missing the source directory. I wonder if the missing components are
downloadable in rpm form...

Look for selinux-policy-targeted-sources.
> That contains the policy sources.
> Also look for checkpolicy.  That is the policy "compiler".
>
> --
> Stephen Smalley
> National Security Agency
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/selinux/attachments/20060308/b771d64a/attachment.html

More information about the selinux mailing list