Adding New Permissions

From SELinux Wiki

(Difference between revisions)
Revision as of 09:54, 13 May 2008
WikiSysop
m (6 revision(s))
Revision as of 03:16, 15 July 2008
EricParis

Line 9: Line 9:
<pre> <pre>
To add a new permission to SELinux: To add a new permission to SELinux:
-1) checkout a copy of the refpolicy from oss.tresys.com+1) checkout a copy of the refpolicy from oss.tresys.com or build prep the rawhide selinux policy src rpm
2) cd refpolicy/policy/flask/ 2) cd refpolicy/policy/flask/
3) edit access_vectors and add your definition 3) edit access_vectors and add your definition
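Review bot: In step 1 of the new revision, the added alternative "or build prep the rawhide selinux policy src rpm" does not say how to run the prep, and step 2 still reads "cd refpolicy/policy/flask/", which is the path of the oss.tresys.com checkout. Suggest giving the prep command and the location of policy/flask/ inside the prepared source tree, so readers who take the src rpm route know what to substitute in step 2.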

Revision as of 03:16, 15 July 2008

(from this mailing list post)



To add a new permission to SELinux:
1) checkout a copy of the refpolicy from oss.tresys.com or build prep the rawhide selinux policy src rpm
2) cd refpolicy/policy/flask/
3) edit access_vectors and add your definition
4) run make
5) run make LINUX_D=/path/to/linux-2.6 tokern to push the kernel headers
to your kernel tree
6) run make LIBSELINUX_D=/path/to/libselinux tolib to push the
libselinux headers to your libselinux tree.

Then you can generate patches against policy, kernel, and libselinux.

There is also the backward compatibility issue - we must not break
akpm's system if he boots a new kernel on an existing distro that lacks
new policy.
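
A check to run after step 3, as an added example that is not part of the wiki page or the mailing list post. It assumes the access_vectors syntax of common/class blocks with an optional inherits line, and that the generated kernel and libselinux headers number permissions in file order, so a permission inserted ahead of existing ones shifts their bit values. The sample file contents and the permission name my_new_perm are constructed.

```python
import re
# Constructed sample: a trimmed access_vectors file before the step 3 edit.
OLD = """
common file
{
    ioctl
    read
    write
}
class dir
inherits file
{
    add_name
    remove_name
}
"""
# my_new_perm is a hypothetical permission, appended at the end of class dir.
NEW = OLD.replace("remove_name\n", "remove_name\nmy_new_perm\n")
# A misplaced edit: inserting ahead of existing permissions renumbers them.
BAD = OLD.replace("add_name\n", "my_new_perm\nadd_name\n")
BLOCK = re.compile(r"\b(common|class)\s+(\w+)\s*(?:inherits\s+(\w+)\s*)?(?:\{([^}]*)\})?")

def parse(text):
    """Return {class: {permission: bit value}}, numbered in file order."""
    text = re.sub(r"#.*", "", text)  # drop comments
    commons, classes = {}, {}
    for kind, name, parent, body in BLOCK.findall(text):
        perms = (body or "").split()
        if kind == "common":
            commons[name] = perms
        else:  # inherited common permissions take the low bits
            full = commons.get(parent, []) + perms
            classes[name] = {p: 1 << i for i, p in enumerate(full)}
    return classes

def check(old_text, new_text):
    """Return (compatibility problems, newly added permissions)."""
    old, new = parse(old_text), parse(new_text)
    problems, added = [], []
    for cls, perms in new.items():
        if len(perms) > 32:  # assumed limit: one 32-bit access vector per class
            problems.append(f"{cls}: more than 32 permissions")
        for perm, bit in perms.items():
            was = old.get(cls, {}).get(perm)
            if was is None:
                added.append(f"{cls}:{perm}")
            elif was != bit:
                problems.append(f"{cls}:{perm} moved {was:#x} -> {bit:#x}")
    return problems, added
```

The added list is also the set of permissions an existing distro policy will not know about when a new kernel boots, which is the backward compatibility case the post raises.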
