
1.3.2 Reference Policy Files and Directories
1.3.3.1 Reference Policy Build Options - build.conf
1.3.3.2 Reference Policy Build Options - policy/modules.conf
1.3.4 Source Installation and Build Make Options
1.3.5 Booleans, Global Booleans and Tunable Booleans
1.4 Installing and Building the Reference Policy Source
1.4.1 Building Standard Reference Policy
1.5.1 Building and Installing the Header Files
1.5.2 Using the Reference Policy Headers

The Reference Policy is now the standard policy source used to build GNU/Linux SELinux policies. It provides a single source tree with supporting documentation that can be used to build policies for different purposes, such as confining important daemons, supporting MLS / MCS type policies, and locking down systems so that all processes are under SELinux control.

This section details how the Reference Policy is:

- constructed, and the types of policy build it supports;
- installed, either as the full Reference Policy source or as header files;
- affected by the migration process used to convert compiled module files (*.pp) to CIL;
- modified through its configuration files to build new policies.

Strictly speaking, the 'Reference Policy' should refer to the policy taken from the master repository or the latest released version (see ). This is because most Linux distributors take a released version and then tailor it to their specific requirements: the Fedora distribution, for example, is built from the standard Reference Policy but modified and distributed by Red Hat as a source RPM, for example:

The master Reference Policy repository can be checked out using the following:

    # Add the contributed modules (policy/modules/contrib)

The Reference Policy Source tree diagram shows the layout that, once installed, would be located at:

where the <SELINUXTYPE> entry is taken from the build.conf file as discussed in the Reference Policy Build Options - build.conf section.

A SELinux policy module is built in the following steps:

1. Generate a set of policy rules from the AVC denials with audit2allow.
2. Compile the resulting .te source into a binary module (.mod) with checkmodule.
3. Package the .mod into a loadable policy package (.pp) with semodule_package.

Assuming that I have a postgreylocal.te file with the content below (the require block, which audit2allow emits ahead of the allow rules, is included so that the file compiles):

    module postgreylocal 1.0;

    require {
            type postfix_smtpd_t;
            type initrc_t;
            type postfix_spool_t;
            class unix_stream_socket connectto;
            class sock_file write;
    }

    #============= postfix_smtpd_t ==============
    allow postfix_smtpd_t initrc_t:unix_stream_socket connectto;
    allow postfix_smtpd_t postfix_spool_t:sock_file write;

The postgreylocal.mod binary module is created with checkmodule; -M builds the module with MLS/MCS support (required when the base policy was built with MLS/MCS support, as most distribution policies are) and -m selects a non-base module:

    # checkmodule -M -m -o postgreylocal.mod postgreylocal.te

The postgreylocal.pp policy package is then created with:

    # semodule_package -m postgreylocal.mod -o postgreylocal.pp

To unpack a policy package again, for example to see what a third-party .pp will actually allow before loading it, you need the semodule_unpackage tool to extract the .mod file, and then dismod to disassemble the binary module into a textual representation. dismod is built in the test/ directory of the checkpolicy source tree and is not installed by make install, so check whether your distribution packages it.

On my Gentoo, the following packages need to be installed:

    sys-apps/policycoreutils
    Available versions: 2.0.82 (~)2.0.82-r1 (~)2.0.85 (~)2.1
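The build-and-unpack procedure for the postgreylocal module, driven end to end by a script with a round-trip check. This is an added example, not code from the original post. It assumes checkmodule, semodule_package and semodule_unpackage are on PATH (checkpolicy and policycoreutils), and that the module section inside a .pp is stored byte-for-byte, so the .mod that semodule_unpackage extracts can be compared with the .mod that went in. When the tools are missing it only writes the .te file and skips the build.

```shell
#!/bin/sh
# Added example (not from the original post): build postgreylocal.te into a
# .pp, unpack it again and verify the round trip.  Assumes checkmodule,
# semodule_package and semodule_unpackage are installed; dismod is optional.
set -eu

# Write the policy source from the post.  The require block is what
# audit2allow emits ahead of the allow rules; without it checkmodule
# rejects the unknown types and classes.
write_te() {            # write_te <path>
    cat > "$1" <<'EOF'
module postgreylocal 1.0;

require {
        type postfix_smtpd_t;
        type initrc_t;
        type postfix_spool_t;
        class unix_stream_socket connectto;
        class sock_file write;
}

#============= postfix_smtpd_t ==============
allow postfix_smtpd_t initrc_t:unix_stream_socket connectto;
allow postfix_smtpd_t postfix_spool_t:sock_file write;
EOF
}

# Number of allow rules in a .te file (for the summary line).
count_allow_rules() {   # count_allow_rules <te>
    grep -c '^allow ' "$1"
}

have_tool() { command -v "$1" >/dev/null 2>&1; }

# .te -> .mod -> .pp.  -M builds with MLS/MCS support, -m a non-base module.
# Fails if either tool fails or the resulting package is empty.
build_module() {        # build_module <te> <outdir>
    te=$1; out=$2; name=$(basename "$te" .te)
    checkmodule -M -m -o "$out/$name.mod" "$te"
    semodule_package -m "$out/$name.mod" -o "$out/$name.pp"
    [ -s "$out/$name.pp" ]
}

# .pp -> .mod via semodule_unpackage, then compare with the .mod that went
# in (assumption: the package stores the module section verbatim).  On a
# third-party .pp you have no original .mod, so read the dismod output of
# the unpacked module instead before running semodule on it.
unpack_module() {       # unpack_module <pp> <outdir>
    pp=$1; out=$2; name=$(basename "$pp" .pp)
    semodule_unpackage "$pp" "$out/$name.unpacked.mod"
    cmp "$out/$name.mod" "$out/$name.unpacked.mod"
}

main() {                # main [outdir]
    work=${1:-$(mktemp -d)}
    write_te "$work/postgreylocal.te"
    echo "wrote $work/postgreylocal.te ($(count_allow_rules "$work/postgreylocal.te") allow rules)"
    if ! have_tool checkmodule || ! have_tool semodule_package || ! have_tool semodule_unpackage; then
        echo "checkmodule/semodule_package/semodule_unpackage not installed; skipping build" >&2
        return 0
    fi
    build_module "$work/postgreylocal.te" "$work"
    unpack_module "$work/postgreylocal.pp" "$work"
    echo "round trip OK: $work/postgreylocal.pp"
    # dismod is interactive (it offers a menu of sections to dump), so it is
    # left for the reader to run by hand.
    if have_tool dismod; then
        echo "disassemble with: dismod $work/postgreylocal.unpacked.mod"
    fi
}

main "$@"
```

Run it as `sh build_postgreylocal.sh /tmp/pg` to keep the artifacts in a directory of your choosing; without an argument it uses a fresh mktemp directory and prints the path.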