From: nicky726@gmail.com (Nicky726) Date: Thu, 27 Aug 2009 18:07:52 +0200 Subject: [refpolicy] Basic policy for KDE and Konqueror In-Reply-To: <1250103483.19221.31.camel@notebook2.grift.internal> References: <200908121440.21006.Nicky726@gmail.com> <1250103483.19221.31.camel@notebook2.grift.internal> Message-ID: <200908271807.52210.Nicky726@gmail.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Helo, I managed to implement almost all of your comments to KDE and Konqueror policy. Now I need to do some testing, which is where I got totaly stuck. First to the konqueror_role(). I created this interface according to policy for mozilla, but i quite don't get it, where should I place the call itself. You mention userdomain policy: Dne St 12. srpna 2009 20:58:03 Dominick Grift napsal(a): > the konqueror_run interface calles should be replaced by > konqueror_role() calls. These calls do not belong there but they belong > in the user domain policy. But I didn't find there much xxx_role() calls. More important I didn't find there any mozilla_role() which I take as a reference. When I looked through refpolicy sources I managed to find mozilla_role() and other xxx_role() calls in roles/unprivuser.te and other roles. So to where do these calls belong? I am not sure, that I fully comprehend this situation concerning xxx_role() calls. I had interface konqueror_run() which was called in konqueror.te. This should now be replaced by konqueror_role() which I guess should do something similar, and be called where? What is it good for? And are there more changes needed so it worked? Could someone explain this more? Now to the testing stuff. Til now I managed to test the modules against unmodified Fedora targeted policy. But with konqueror_role() calls there are some modifications needed. How to do it? I didn't have much luck with inserting changed modules to fedora policy, nor with compling what I hope was exact copy of fedora policy. I also think, that this module should be tested against refpolicy-git shouldn't it? The problem with this is, that fedora didn't even booted with git refpolicy. How do you test the modules than? Thanks for the answers, Ondrej Vadinsky