Hello, Yesterday I started with a new blog set called "SELinux insides".
See
https://mgrepl.wordpress.com/2015/06/14/selinux-insides-part1-policy-module-...
Your comments, ideas are welcome.
Thank you.
Regards, Mirek
Miroslav Grepl mgrepl@redhat.com:
Yesterday I started with a new blog set called "SELinux insides".
See
https://mgrepl.wordpress.com/2015/06/14/selinux-insides-part1-policy-module-...
Your comments, ideas are welcome.
Interesting, keep it coming.
You abbreviate the path:
.te ---checkmodule---> .mod
In practice, it is:
.te ---make +----> .mod | | +----m4----checkmodule---+
(It might have been a better idea to give a different extension to the te-with-m4-macros files. You can't give those .te files to checkmodule)
Where's the plain .te file format documented, BTW? "Man checkmodule" doesn't give it. Examples abound but I can't seem to find the definitive specification (syntax and semantics).
Next, where's the .te-with-m4-macros language documented?
Marko
On 06/15/2015 08:31 PM, Marko Rauhamaa wrote:
Miroslav Grepl mgrepl@redhat.com:
Yesterday I started with a new blog set called "SELinux insides".
See
https://mgrepl.wordpress.com/2015/06/14/selinux-insides-part1-policy-module-...
Your comments, ideas are welcome.
Interesting, keep it coming.
You abbreviate the path:
.te ---checkmodule---> .mod
In practice, it is:
.te ---make +----> .mod | | +----m4----checkmodule---+
(It might have been a better idea to give a different extension to the te-with-m4-macros files. You can't give those .te files to checkmodule)
Yeap. I wanted to focus more on .pp vs. .cil and describe a module store. I will talk about it later to show advantages/disadvantages of CIL.
Where's the plain .te file format documented, BTW? "Man checkmodule" doesn't give it. Examples abound but I can't seem to find the definitive specification (syntax and semantics).
AFAIK there is "SELinux by Example" book and others with really good documentation.
Next, where's the .te-with-m4-macros language documented?
Marko
Miroslav Grepl mgrepl@redhat.com:
AFAIK there is "SELinux by Example" book and others with really good documentation.
Given the amount of effort that has been put into trying to explain SELinux online, it would be nice to publish the BNF and meanings of the SELinux policy files. Not by example but by definition.
Just a wish.
Marko
selinux@lists.fedoraproject.org