[Seedit-devel] create domain
himainu-ynakam at miomio.jp
Wed May 14 13:19:24 BST 2008
On Tue, 13 May 2008 17:39:03 -0700 (PDT)
run zhang <zhang4run at yahoo.com> wrote:
> Thanks for quick response.
> 1. That means, at least, I can define domian for each subdir right now.
> 2. Can you give some hints on the hacking? I am using 2.2.0.
Yes,seedit generates SELinux policy under sepolicy/generated.conf.
generated.conf configuration using macros under macros dir.
Domain transition is configured like below.
syslog is assigned "syslogd_t" domain if /sbin/syslogd is executed
If you replace "unconfined_domain" with "domain", and convert
generated.conf to binary policy,
syslog will be assigned syslogd_t when executed from any programs.
I think I have to prepare new syntax like below.
> BTW, I am using on embeded device. I use the simplified_policy.min, and the base_policy has system_u, root, and user_u. How can I configure a single user single role policy? ( I think this is the case in most embeded environments).
I am glad to hear that people are trying seedit on embedded devices.
I think what you want is the default configuration of simplified_policy.min.
RBAC is not configured by default.
And can I forward this email to mailing list??
More information about the Seedit-devel