From: hal@deer-run.com (Hal Pomeranz)
Date: Mon, 27 Jul 2009 09:13:22 -0700
Subject: [refpolicy] Critique requested
In-Reply-To: <1247996268.2564.38.camel@notebook1.grift.internal>
References: <20090718230224.GB26512@deer-run.com> <1247996268.2564.38.camel@notebook1.grift.internal>
Message-ID: <20090727161322.GA4823@deer-run.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Thanks to Dominick for critiquing my initial attempts at using the
Reference Policy. I'm still curious about the answer to the following
question, if anybody on the list has some insights:

> > Also a question, if I may. I originally compiled portsentry from
> > source as a standard dynamically-linked executable. However, when I
> > started this binary under SELinux control I kept getting denials on
> > the shared library "lib_t" files and directories as well as on various
> > "ld_so*_t" files. Recompiling as a statically-linked executable made
> > this problem go away (obviously), but what's the magic to get a
> > standard dynamically-linked executable to not generate these errors?
> > I've looked at the sample files in the refpolicy source and haven't
> > been able to figure out the trick.

--
Hal Pomeranz, Founder/CEO      Deer Run Associates      hal at deer-run.com
Network Connectivity and Security, Systems Management, Training