[Seedit-devel] create domain

Yuichi Nakamura himainu-ynakam at miomio.jp
Wed May 14 13:19:24 BST 2008


Hi.

On Tue, 13 May 2008 17:39:03 -0700 (PDT)
run zhang <zhang4run at yahoo.com> wrote:

> Thanks for the quick response.
> 1. That means, at least, I can define a domain for each subdir right now.
Great.

> 2. Can you give some hints on the hacking? I am using 2.2.0.
Yes, seedit generates SELinux policy under sepolicy/generated.conf.
generated.conf is a configuration that uses macros under the macros dir.
Domain transition is configured like below.

domain_auto_trans(unconfined_domain,sbin_syslogd_t,syslogd_t)
syslog is assigned the "syslogd_t" domain if /sbin/syslogd is executed from
the unconfined domain.

If you replace "unconfined_domain" with "domain", and convert
generated.conf to binary policy,
syslog will be assigned syslogd_t when executed from any program.

I think I have to prepare new syntax like below.
domain foo_t;
program_entry_force /bin/foo;

then
domain_auto_trans(domain,bin_foo_t,foo_t)
is generated.


> BTW, I am using it on an embedded device. I use the simplified_policy.min, and the base_policy has system_u, root, and user_u. How can I configure a single user single role policy? (I think this is the case in most embedded environments).
> Thanks!
I am glad to hear that people are trying seedit on embedded devices.
I think what you want is the default configuration of simplified_policy.min.
RBAC is not configured by default.

And can I forward this email to the mailing list?
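
The edit to generated.conf described in the message above, as an added example that is not part of the original email or of seedit itself: it widens the source of domain_auto_trans from "unconfined_domain" to "domain" for one chosen target domain only and reports each changed line for review. The function name force_entry and the sample policy text are assumptions made for illustration; the macro form is the three-argument one quoted in the message.

```python
import re

# One transition line in the form quoted in the message:
#   domain_auto_trans(source, entry_type, target)
TRANS_RE = re.compile(
    r'^(\s*domain_auto_trans\(\s*)([^,\s]+)'
    r'(\s*,\s*([^,\s]+)\s*,\s*([^)\s]+)\s*\).*)$'
)

def force_entry(policy_text, target,
                old_source="unconfined_domain", new_source="domain"):
    """Hypothetical helper: rewrite the source of transitions into `target`.

    Returns (new_text, changes); changes lists (line_no, entry_type, target)
    so every widened transition can be reviewed before the policy is
    converted to binary form.
    """
    out, changes = [], []
    for lineno, line in enumerate(policy_text.splitlines(), 1):
        m = TRANS_RE.match(line)
        # Touch only transitions into the requested domain; everything
        # else, including other domain_auto_trans lines, stays as-is.
        if m and m.group(2) == old_source and m.group(5) == target:
            line = m.group(1) + new_source + m.group(3)
            changes.append((lineno, m.group(4), target))
        out.append(line)
    return "\n".join(out) + "\n", changes

# Constructed sample, not real seedit output.
SAMPLE = """\
# constructed sample of generated.conf
domain_auto_trans(unconfined_domain,sbin_syslogd_t,syslogd_t)
domain_auto_trans(unconfined_domain,bin_foo_t,foo_t)
"""

if __name__ == "__main__":
    new_text, changes = force_entry(SAMPLE, "syslogd_t")
    for lineno, entry, tgt in changes:
        print(f"line {lineno}: any domain executing {entry} now enters {tgt}")
    print(new_text, end="")
```

Restricting the rewrite to one target keeps the other transitions limited to the unconfined domain, so the diff of generated.conf shows exactly which entry points became forced.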



