
1.3.2 Reference Policy Files and Directories
1.3.3.1 Reference Policy Build Options - nf
1.3.3.2 Reference Policy Build Options - policy/nf
1.3.4 Source Installation and Build Make Options
1.4.1 Building Standard Reference Policy
1.5.1 Building and Installing the Header Files
1.5.2 Using the Reference Policy Headers

The Reference Policy is now the standard policy source used to build GNU/Linux SELinux policies. This provides a single source tree with supporting documentation that can be used to build policies for different purposes such as: confining important daemons, supporting MLS / MCS type policies and locking down systems so that all processes are under SELinux control.

This section details how the Reference Policy is:

- Constructed and types of policy builds supported.
- Installation as a full Reference Policy source or as Header files.
- Impact of the migration process being used to convert compiled module files (*.pp) to CIL.
- Modifying the configuration files to build new policies.

Strictly speaking the 'Reference Policy' should refer to the policy taken from the master repository or the latest released version (see ). This is because most Linux distributors take a released version and then tailor it to their specific requirements, for example the Fedora distribution is built from the standard Reference Policy but modified and distributed by Red Hat as a source RPM, for example:

The master Reference Policy repository can be checked out using the following:

# Add the contributed modules (policy/modules/contrib)

The Reference Policy Source tree diagram shows the layout that once installed would be located at:

Where the entry is taken from the nf file as discussed in the Reference Policy Build Options - nf section.

The Installing and Building the Reference Policy Source section explains a simple build plus information on building the Fedora source.

The Reference Policy can be used to build two different formats of policy infrastructure:

- Loadable Module Policy - A policy that has a base module for core services and has the ability to load / unload modules to support applications as required. This is now the standard used by GNU / Linux distributions.
- Monolithic Policy - A policy that has all the required policy information in a single base policy and does not require the services of the module infrastructure (semanage(8) or semodule(8)). These are more suitable for embedded or minimal systems.

Each of the policy types is built using module files that define the specific rules required by the policy as detailed in the Reference Policy Module Files section.
