On Thu, Oct 08, 2009 at 11:08:01AM -0700, Nathan Kinder wrote:
On 10/08/2009 10:47 AM, Dominick Grift wrote:
>On Thu, Oct 08, 2009 at 09:19:21AM -0700, Nathan Kinder wrote:
>>I'm writing two policy modules for two separate packages
>>(389-ds-base and 389-admin). I would like to expose some macros via
>>an interface from my dirsrv policy for use by the dirsrv-admin
>>policy. I have defined an interface in my dirsrv.if file and built
>>and installed the dirsrv policy module. Apparently, this doesn't
>>expose the interface as I get an error when building my dirsrv-admin
>>policy that indicates that it doesn't know anything about my new
>>interface.
>Make sure that both source policies are in the same directory. For example I put all my .te, .if and .fc files in ~/modules
>Then build the source policy modules: cd ~/modules; make -f /usr/share/selinux/devel/Makefile
>
>Finally install them: semodule -i ~/modules/*.pp
>
>This works for me.
The source for these two modules is installed in two different git
repositories, and I'd prefer to keep them separate and be able to
build them standalone.
I've found that I can place my .if file in
/usr/share/selinux/devel/include/services and it will be located
when building the second policy module, but I'm guessing it's not
really proper for me to install it there.
Is there some sort of include path for interface files that can be
set at policy module build time? I'd be fine with having a
"389-ds-base-selinux-devel" package that installs my interface file
somewhere which could then be used when building the
"389-admin-selinux" package. The questions are where is there a
standard place to install the .if file and is there a way to specify
the interface include path when building policy?
I think /usr/share/selinux/devel/include/ would be a proper place to put your shared
policy.
I would create devel packages that basically copy the interface files there.
>>What is the proper way to expose a policy interface? Does my
>>dirsrv.if file need to be installed on the system somewhere
>>specific?
>>
>>Thanks,
>>-NGK
>>
>>--
>>fedora-selinux-list mailing list
>>fedora-selinux-list(a)redhat.com
>>https://www.redhat.com/mailman/listinfo/fedora-selinux-list
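
A pre-build check for the error described in this thread, as an added example that is not part of the original messages: it lists the interface calls in a consumer .te file that no .if file under the given include directory defines. The interface names, type names and temporary paths below are constructed for illustration.

```shell
#!/bin/sh
# find_interface NAME DIR...: print the .if file(s) under DIR that define NAME.
# Interfaces and templates are declared as: interface(`name',` ... ')
find_interface() {
    name=$1; shift
    find "$@" -name '*.if' -exec \
        grep -lE "^[[:space:]]*(interface|template)\(\`${name}'" {} + 2>/dev/null
}

# missing_interfaces TE_FILE PREFIX DIR...: print each PREFIX_* call made in
# TE_FILE that has no definition in any .if file under DIR.
missing_interfaces() {
    te=$1; prefix=$2; shift 2
    sed 's/#.*//' "$te" |                                   # drop comments
      grep -oE "(^|[^A-Za-z0-9_])${prefix}_[A-Za-z0-9_]+\(" |
      sed -E 's/^[^A-Za-z0-9_]//; s/\($//' | sort -u |
      while read -r call; do
          [ -n "$(find_interface "$call" "$@")" ] || echo "$call"
      done
}

# Constructed sample: a provider .if file staged under an include/services
# directory, and a consumer .te file kept in a separate source tree.
demo=$(mktemp -d)
mkdir -p "$demo/include/services" "$demo/admin"
cat > "$demo/include/services/dirsrv.if" <<'EOF'
interface(`dirsrv_read_config',`
	gen_require(` type dirsrv_config_t; ')
	read_files_pattern($1, dirsrv_config_t, dirsrv_config_t)
')
EOF
cat > "$demo/admin/dirsrv-admin.te" <<'EOF'
policy_module(dirsrv-admin, 1.0.0)
type dirsrvadmin_t;
dirsrv_read_config(dirsrvadmin_t)
dirsrv_manage_run(dirsrvadmin_t)   # hypothetical call with no definition
EOF

# Reports the one call that the staged headers do not define.
missing_interfaces "$demo/admin/dirsrv-admin.te" dirsrv "$demo/include"
```

On a real system the last argument would be the directory the interface file was installed to, such as /usr/share/selinux/devel/include as discussed above.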