2009-09-11 12:41:18

by andronicus.spiros

Subject: [refpolicy] Policy file and Selinux Policy question

In creating an SELinux policy I can define the type of policy (strict,
targeted, MLS and a custom one: e.g. make NAME=selinuxvariant -f
/usr/share/selinux/devel/Makefile) to which the policy file has to be
applied.

But given a policy file (policy.pp), how is it possible to understand via
some API interface which policies the policy file relates to? In other
words, is it redundant to have the information elsewhere on the type of
policy to which the policy file is referring? Also, is the information that
the policy file is a base or loadable policy in the policy file? If yes, how
to query it via the SELinux API?

Thanks a lot in advance


2009-09-11 14:25:32

by Daniel Walsh

Subject: [refpolicy] Policy file and Selinux Policy question

On 09/11/2009 08:41 AM, Elia Pinto wrote:
> In creating an SELinux policy I can define the type of policy (strict,
> targeted, MLS and a custom one: e.g. make NAME=selinuxvariant -f
> /usr/share/selinux/devel/Makefile) to which the policy file has to be
> applied.
>
> But given a policy file (policy.pp), how is it possible to understand via
> some API interface which policies the policy file relates to? In other
> words, is it redundant to have the information elsewhere on the type of
> policy to which the policy file is referring? Also, is the information that
> the policy file is a base or loadable policy in the policy file? If yes, how
> to query it via the SELinux API?
>
> Thanks a lot in advance
>
I guess the question I would raise is what is varying between the policies that you feel is necessary.

option_policy(
)
Should handle the case where an interface is different. The only case I currently know of where you might vary is on file context MLS Level.