List: rpm-devel
Subject: Re: [Fwd: [Rpm-maint] [RFC PATCH] install selinux policies from
From: Jeff Johnson <n3npq () mac ! com>
Date: 2009-07-07 13:54:39
Message-ID: 02301E96-901C-4D76-AF84-402671361422 () mac ! com
On Jul 7, 2009, at 9:26 AM, Jason Corley wrote:
> On Tue, Jul 7, 2009 at 9:20 AM, Jeff Johnson<n3npq@mac.com> wrote:
>>> Two issues, the first is does rpm5 support the %policy that appears to be
>>> in rpm.org? If not this could turn into a compatibility issue.. (but I
>>> assume it's just a new f
>>
>> All depends on what "support" means.
>>
>> Yes %policy syntax is parsed and is identical.
>>
>> However, %policy was intended to handle textual *.te files.
>> SELinux now uses something called a *.pp file that (I have not
>> looked) appears to be a compressed binary file format.
>>
>> So *.pp, not *.te, content now (last 10-15 days) appears to be headed into
>> RPMTAG_POLICIES @rpm.org.
>
> Not that I'm an expert here by any means, but just for informational
> purposes a .te file gets compiled to a .mod which gets packaged up as
> a .pp file. The steps I use (on RHEL5) look like this:
>
> audit2allow -d -M FQDN
> checkmodule -M -m FQDN.te -o FQDN.mod
> semodule_package -o FQDN.pp -m FQDN.mod
> semodule -i FQDN.pp
>
> So a .te is still valid, it's just the .pp that gets loaded by
> semodule. Of course RHEL is ancient history, who knows what is
> current process.

Thanks for describing the current state-of-affairs. On a FC2 time frame,
when %policy was implemented, most of the above dinna exist. Heck,
the matchpathcon_init() API dinna exist when %policy was 1st
implemented either.

73 de Jeff
______________________________________________________________________
RPM Package Manager http://rpm5.org
Developer Communication List rpm-devel@rpm5.org