LinuxLists.cc - [refpolicy] Interfaces

2016-11-17 13:23:25

Subject: [refpolicy] Interfaces

Hi Guys,

An easy one: When we compile a module using refpolicy style policy packages, does the .pp binary include the interfaces as well?
Also, do the corresponding .if files need to also exist in the /include directory as referenced by the Makefile?

And so when I update the interface, I assume I need to recompile the whole policy module and update the .if file in the /include directory as well?

Thanks.

Best Regards,

Walid Fakim

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20161117/9ae63472/attachment.html

2016-11-17 13:30:46

by Dac Override

[permalink] [raw]

Subject: [refpolicy] Interfaces

On 11/17/2016 02:23 PM, Fakim, Walid via refpolicy wrote:
> Hi Guys,
>
> An easy one: When we compile a module using refpolicy style policy packages, does the .pp binary include the interfaces as well?

No, .if files are reference policy specific. They are not native to
module policy. You would have to install any .if files manually to the
reference policy HEADER location.

> Also, do the corresponding .if files need to also exist in the /include directory as referenced by the Makefile?

Ideally yes. The makefile will look for headers in the current pwd and
"/include"

>
> And so when I update the interface, I assume I need to recompile the whole policy module and update the .if file in the /include directory as well?

Yes

Basically, ideally, you would ship your policy using two packages

myapp-selinux.rpm
myapp-selinux-devel.rpm

The myapp-selinux-devel depends on "selinux-policy-devel", includes the
.if file and copies it to "/include"

>
> Thanks.
>
> Best Regards,
>
> Walid Fakim
>
>
>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
>

--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20161117/691cca41/attachment.bin