I believe tresys had been hosting sources for reference policies on different linux platforms, which is not the case anymore. This ML is the closest thing to a help - which package contains sources for all the .pp modules coming as part of "targeted" policy implementation on EL6? I tried to install most of SELinux-related *-devel packages with no success (only got .fi files, but not the .te)? Should I be downloading SRPMs ?
On Wed, 2012-02-01 at 14:51 -0700, Dmitry Makovey wrote:
I believe tresys had been hosting sources for reference policies on different linux platforms, which is not the case anymore. This ML is the closest thing to a help - which package contains sources for all the .pp modules coming as part of "targeted" policy implementation on EL6? I tried to install most of SELinux-related *-devel packages with no success (only got .fi files, but not the .te)? Should I be downloading SRPMs ?
If you want to see the source for the installed policy then indeed you would download the source rpm corresponding to the rpm that you have installed for selinux-policy-targeted.
After that you can extract the rpm (alter click on the package and select "extract here" or use the command line tools to extract the source rpms). Also extract the serefpolicy.tgz file that was extracted from the source rpm. Then you would also prep the source by applying the enclose redhat patches.
After the patches are applied, you can browse the source policy that is in the serefpolicy directory.
I hope this helps
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
On 2/1/2012 5:00 PM, Dominick Grift wrote:
On Wed, 2012-02-01 at 14:51 -0700, Dmitry Makovey wrote:
I believe tresys had been hosting sources for reference policies on different linux platforms, which is not the case anymore. This ML is the closest thing to a help - which package contains sources for all the .pp modules coming as part of "targeted" policy implementation on EL6? I tried to install most of SELinux-related *-devel packages with no success (only got .fi files, but not the .te)? Should I be downloading SRPMs ?
If you want to see the source for the installed policy then indeed you would download the source rpm corresponding to the rpm that you have installed for selinux-policy-targeted.
After that you can extract the rpm (alter click on the package and select "extract here" or use the command line tools to extract the source rpms). Also extract the serefpolicy.tgz file that was extracted from the source rpm. Then you would also prep the source by applying the enclose redhat patches.
After the patches are applied, you can browse the source policy that is in the serefpolicy directory.
I hope this helps
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
An easier way than extracting and patching by hand would be to do this
rpm -ihv <policy-source-rpm>.src.rpm cd ~/rpmbuild/SPECS rpmbuild -bp <SPECFILE> #build prep <bp>
Once you've done that the ~/rpmbuild/BUILD directory should contain directory with an extracted and patched tree based on the spec file name. Dave
On February 1, 2012 20:37:05 Dave Quigley wrote:
An easier way than extracting and patching by hand would be to do this
rpm -ihv <policy-source-rpm>.src.rpm cd ~/rpmbuild/SPECS rpmbuild -bp <SPECFILE> #build prep <bp>
ok, so it sounds like SRPM is the only way to get those... I'm familiar with those, just didn't want to 'build" hoped for something online/system-wide I can share with other sysadmins as a reference, oh well (yes I know I can make a copy system-wide, but there's a lot of "manual" in keeping it up-to-date ;) ... Now I have tried:
$ sudo yumdownloader --disableplugin=protectbase,cpacman_yum --source selinux- policy-3.7.19-93.el6_1.7 Loaded plugins: rhnplugin Enabling epel-source repository No source RPM found for selinux-policy-3.7.19-93.el6_1.7.noarch Nothing to download
same happens when I omit the version from the request. Does anybody know whether there is an "easy" way of doing it other than RHN/Google/RPMFind ? ( I do realize it's a question for a different ML, but just in case somebody has a "quick" answer handy ;)
Once you've done that the ~/rpmbuild/BUILD directory should contain directory with an extracted and patched tree based on the spec file name. Dave
On Thu, 2012-02-02 at 09:59 -0700, Dmitry Makovey wrote:
On February 1, 2012 20:37:05 Dave Quigley wrote:
An easier way than extracting and patching by hand would be to do this
rpm -ihv <policy-source-rpm>.src.rpm cd ~/rpmbuild/SPECS rpmbuild -bp <SPECFILE> #build prep <bp>
ok, so it sounds like SRPM is the only way to get those... I'm familiar with those, just didn't want to 'build" hoped for something online/system-wide I can share with other sysadmins as a reference, oh well (yes I know I can make a copy system-wide, but there's a lot of "manual" in keeping it up-to-date ;) ... Now I have tried:
$ sudo yumdownloader --disableplugin=protectbase,cpacman_yum --source selinux- policy-3.7.19-93.el6_1.7 Loaded plugins: rhnplugin Enabling epel-source repository No source RPM found for selinux-policy-3.7.19-93.el6_1.7.noarch Nothing to download
same happens when I omit the version from the request. Does anybody know whether there is an "easy" way of doing it other than RHN/Google/RPMFind ? ( I do realize it's a question for a different ML, but just in case somebody has a "quick" answer handy ;)
ftp://ftp.redhat.com/redhat/linux/enterprise/6Server/en/os/SRPMS/selinux-policy-3.7.19-93.el6_1.7.src.rpm
Once you've done that the ~/rpmbuild/BUILD directory should contain directory with an extracted and patched tree based on the spec file name. Dave
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
On February 2, 2012 18:26:13 Dominick Grift wrote:
$ sudo yumdownloader --disableplugin=protectbase,cpacman_yum --source selinux-policy-3.7.19-93.el6_1.7 Loaded plugins: rhnplugin Enabling epel-source repository No source RPM found for selinux-policy-3.7.19-93.el6_1.7.noarch Nothing to download
same happens when I omit the version from the request. Does anybody know whether there is an "easy" way of doing it other than RHN/Google/RPMFind ? ( I do realize it's a question for a different ML, but just in case somebody has a "quick" answer handy ;)
ftp://ftp.redhat.com/redhat/linux/enterprise/6Server/en/os/SRPMS/selinux-pol icy-3.7.19-93.el6_1.7.src.rpm
in other words - "no" :) thanks for the help though, through rebuilding package I have discovered that there's selinux-policy-doc file (BTW - is it me or is it a strange suffix? I though everything else used -docs suffix, no?) Abovementioned file has some HTML reference of most of the tunables and other things I can use building my own policies.
On Thu, 2012-02-02 at 12:04 -0700, Dmitry Makovey wrote:
in other words - "no" :) thanks for the help though, through rebuilding package I have discovered that there's selinux-policy-doc file (BTW - is it me or is it a strange suffix? I though everything else used -docs suffix, no?) Abovementioned file has some HTML reference of most of the tunables and other things I can use building my own policies.
eclipse-slide eclipse plugin is nicer imho. It is pretty easy to port to el6 as well. basically just use fedora14 eclipse-slide srpm to rpmbuild --rebuild it on el6 (also a few dependencies would need the same treatment but theyre also available from fedora)
these vids have a least some intro to eclipse-slide:
https://www.youtube.com/watch?v=s4EyoW_7riQ https://www.youtube.com/watch?v=x2soA3CD2pY&feature=plcp&context=C39...
On February 2, 2012 20:32:57 Dominick Grift wrote:
On Thu, 2012-02-02 at 12:04 -0700, Dmitry Makovey wrote:
in other words - "no" :) thanks for the help though, through rebuilding package I have discovered that there's selinux-policy-doc file (BTW - is it me or is it a strange suffix? I though everything else used -docs suffix, no?) Abovementioned file has some HTML reference of most of the tunables and other things I can use building my own policies.
eclipse-slide eclipse plugin is nicer imho. It is pretty easy to port to el6 as well. basically just use fedora14 eclipse-slide srpm to rpmbuild --rebuild it on el6 (also a few dependencies would need the same treatment but theyre also available from fedora)
thanks for sharing this. My workstation is F16 so I get all the goodies and no headache of backporting to EL6, the drawback is that to really test things I have to do it on the server.
these vids have a least some intro to eclipse-slide:
https://www.youtube.com/watch?v=s4EyoW_7riQ https://www.youtube.com/watch?v=x2soA3CD2pY&feature=plcp&context=C39... EgsToPDskIl3xy3igroKtda2G7mZQFI
nice, thanks!
selinux@lists.fedoraproject.org