SELinux and Shorewall with IPSets

Mr Dash Four mr.dash.four at googlemail.com
Sun Jun 27 18:04:58 UTC 2010


> On 06/27/2010 06:40 PM, Mr Dash Four wrote:
>
>   
>> I have two more queries though - if I want to use this module (the .pp 
>> file) on a system which is built from a ks file (using standard 
>> kickstart tools) do I just copy myshorewall.pp to 
>> /etc/selinux/targeted/modules/active/modules on the target system in 
>> order to use this module? Would that be enough?
>>     
>
> You cannot simply copy it (you need to install it: semodule -i). But you can
> use a single binary presentation on most SELinux-enabled systems (e.g.
> deploy the single myshorewall.pp to various similarly configured systems).
>   
Does that mean if the policy is compiled on an i686-based machine it can 
then run/be deployed on an x86_64 and vice versa?

Also, does semodule need to have a running SELinux as I need to deploy 
this module on a Linux system (image) which does NOT have SELinux 
running (yet)?

In other words, if I issue this command in a chroot-ed environment would 
that be enough? The "%post" section of the kickstart file does just that 
- it chroots to the image as it has been built and from there I can do 
whatever I like on the actual image, though this is not a running system 
- i.e. SELinux on that system is not loaded! If that is possible and if 
I run on different architectures (say the image is for x86_64 and the 
machine on which the image is built is i686) would it matter?


