I was curious what opinion users here have for reference policy? Is it worth using it to build modules?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 03/01/2011 08:34 PM, solarflow99 wrote:
I was curious what opinion users here have for reference policy? Is it worth using it to build modules?
My personal policy for my f14 system is based off of refpolicy (so is fedoras' selinux-policy though - it is refpolicy with a fedora-specific patch)
However i decided to base my policy off of refpolicy as opposed to fedoras' selinux-policy for some reasons:
1. Fedora has more modules compiled into the base package, this makes fedora selinux-policy less modular.
2. Side effects of 1. is that some functionality does not work in fedoras" selinux-policy ( atleast not since last time i have checked )
But unless you are doing advanced user space confinement, you might not notice the latter issue.
refpolicy works pretty well for my fedora 14 system, sure i have to modify it quite a bit, but nothing too difficult.
So.. sure it is worth to build modules but it will require a bit work to make it work with fedora.
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
selinux@lists.fedoraproject.org