Adding New Permissions
From SELinux Wiki
(Difference between revisions)
| Revision as of 09:54, 13 May 2008, WikiSysop, m (6 revision(s)) | Revision as of 03:16, 15 July 2008, EricParis |
| Line 9: | Line 9: | ||
| <pre> | <pre> | ||
| To add a new permission to SELinux: | To add a new permission to SELinux: | ||
| - | 1) checkout a copy of the refpolicy from oss.tresys.com | + | 1) checkout a copy of the refpolicy from oss.tresys.com or build prep the rawhide selinux policy src rpm |
| 2) cd refpolicy/policy/flask/ | 2) cd refpolicy/policy/flask/ | ||
| 3) edit access_vectors and add your definition | 3) edit access_vectors and add your definition | ||
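Review bot: the alternative added to step 1 ("or build prep the rawhide selinux policy src rpm") is not carried into step 2, which still reads "cd refpolicy/policy/flask/" and so only matches the checkout. Say where policy/flask/ sits in the prepped source tree, and consider naming the command used to prep the src rpm so the step can be followed as written.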
Revision as of 03:16, 15 July 2008
(from this mailing list post)
To add a new permission to SELinux:
1) checkout a copy of the refpolicy from oss.tresys.com or build prep the rawhide selinux policy src rpm
2) cd refpolicy/policy/flask/
3) edit access_vectors and add your definition
4) run make
5) run make LINUX_D=/path/to/linux-2.6 tokern to push the kernel headers to your kernel tree
6) run make LIBSELINUX_D=/path/to/libselinux tolib to push the libselinux headers to your libselinux tree.

Then you can generate patches against policy, kernel, and libselinux.

There is also the backward compatibility issue - we must not break akpm's system if he boots a new kernel on an existing distro that lacks new policy.
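Step 3 of the procedure above as a script, added here as an example that is not part of the wiki page or the mailing list post. It appends a permission to the end of one class block and refuses duplicates; the sample file, `demo_class` and `new_perm` are constructed, and the file layout it expects is an assumption stated in the comments.

```shell
#!/bin/sh
# Added example, not from the wiki page. Sample file, demo_class and new_perm
# are constructed. Assumed layout: "class NAME", optional "inherits" line,
# then a brace-delimited list with one permission per line.

# add_perm FILE CLASS PERM -> 0 added, 2 already defined, 3 no class block
add_perm() {
    file=$1 class=$2 perm=$3
    tmp=$(mktemp) || return 1
    awk -v cls="$class" -v perm="$perm" '
        $1 == "class"  { in_cls = ($2 == cls); in_list = 0 }
        $1 == "common" { in_cls = 0 }          # never edit shared prefixes
        in_cls && $1 == "{" { in_list = 1 }
        in_cls && in_list && $1 == perm { dup = 1 }
        in_cls && in_list && $1 == "}" {
            # Append last so the entries already listed keep their order.
            if (!dup) { print "\t" perm; added = 1 }
            in_cls = 0
        }
        { print }
        END { exit (added ? 0 : (dup ? 2 : 3)) }
    ' "$file" > "$tmp"
    rc=$?
    [ "$rc" -eq 0 ] && cat "$tmp" > "$file"
    rm -f "$tmp"
    return "$rc"
}

# Constructed stand-in for refpolicy/policy/flask/access_vectors.
make_sample() {
    cat > "$1" <<'EOF'
common file
{
    ioctl
    read
}

class demo_class
inherits file
{
    execute_no_trans
    entrypoint
}

class lnk_file
inherits file
EOF
}

demo=$(mktemp) && make_sample "$demo"
add_perm "$demo" demo_class new_perm && sed -n '/^class demo_class/,/^}/p' "$demo"
rm -f "$demo"
```

A return code of 3 covers classes such as the sample's `lnk_file` that only inherit and have no list of their own; those need a block written by hand.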
