
A.2. Reference Policy

Chapter 12, "Reference Policy," discussed the reference policy, which we expect to be the primary policy source for the future. At the time of this writing, Red Hat used reference policy for FC5. You can use the reference policy to build strict or targeted policies, with or without the optional MLS features. Reference policy supports RHEL4.

Instructions for installing and using reference policy on RHEL4 are complicated because they involve upgrading several packages and libraries to support the latest policy language. You can find instructions on how to do this and where to find prebuilt RPMs for the required packages and libraries in the INSTALL file in the top-level directory of the reference policy tree.

A.2.1. Primary Reference Policy

The reference policy is primarily developed by Tresys Technology as an open source project. It is available via its open source project site:

http://serefpolicy.sourceforge.net/


The reference policy supports loadable modules and the traditional monolithic policy build (all from the same source tree). At this time, loadable modules are still in development, but you can find up-to-date information and instructions on the policy server project open source site:

http://sepolicy-server.sourceforge.net/


A.2.2. Red Hat's Fedora Core 5 Reference Policy

Several versions of reference policy are available for FC5, including a targeted, strict, and MLS policy package. All of these are based on the primary reference policy tree. You can find the prebuilt policy RPMs at the following site:

http://download.fedora.redhat.com/pub/fedora/linux/core/5/i386/os/Fedora/RPMS/


At the time of this writing, the relevant files were called selinux-policy-*.

The previous RPMs install as policy modules. You will find the policy packages (that is, the .pp files) under /usr/share/selinux/, in the associated policy directory (targeted, strict, and so on).

There is no "sources" RPM (that is, a package that automatically installs the policy source files), but you can find an src RPM (that is, a package that contains the sources to build the policy but does not automatically install the sources). You can find the src RPM at the following site:

http://download.fedora.redhat.com/pub/fedora/linux/core/5/source/SRPMS/


At the time of this writing, the package name was selinux-policy-2.2.23-15.src.rpm. The src RPM contains a reference policy source tree and a patch file that Red Hat provides for the current version of FC5.

It takes some knowledge to extract the policy sources from an src RPM. You can always use the primary reference policy (as described previously) rather than the Red Hat packages. It will also install and build usable policies on FC5.
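
The extraction mentioned above can be done without installing the package. The following is an added example, not code from the book or from Red Hat; the function names are hypothetical. The names of the tarball and patch inside the src RPM are not assumed, so the script works from file extensions and the spec file. It assumes rpm2cpio, cpio, and tar are installed.

```shell
#!/bin/sh
# Added example (not from the book). Function names are hypothetical.
# Check the package signature first, e.g.: rpm -K selinux-policy-2.2.23-15.src.rpm

# Unpack the src RPM payload (spec file, source tarball, patch) into $2
# without installing anything. Requires rpm2cpio and cpio.
unpack_srpm() {
    srpm=$1 dest=$2
    [ -f "$srpm" ] || { echo "no such file: $srpm" >&2; return 1; }
    command -v rpm2cpio >/dev/null 2>&1 || { echo "rpm2cpio not found" >&2; return 2; }
    abs=$(cd "$(dirname "$srpm")" && pwd)/$(basename "$srpm")
    mkdir -p "$dest" && (cd "$dest" && rpm2cpio "$abs" | cpio -idm --quiet)
}

# Expand each source tarball in $1 and print the top-level directory it creates.
# Archive names are not assumed; any .tgz, .tar.gz or .tar.bz2 is handled.
expand_sources() {
    dir=$1 status=1
    for tb in "$dir"/*.tgz "$dir"/*.tar.gz "$dir"/*.tar.bz2; do
        [ -f "$tb" ] || continue
        case $tb in *.bz2) z=j ;; *) z=z ;; esac
        tar -x"$z"f "$tb" -C "$dir" || return 1
        tar -t"$z"f "$tb" | cut -d/ -f1 | sort -u
        status=0
    done
    return "$status"
}

# Show which sources and patches the spec file declares and how %prep applies
# them (patch order and -p level), so they can be applied by hand with patch(1).
spec_plan() {
    grep -hE '^(Source|Patch)[0-9]*:|^%(setup|patch)' "$1"/*.spec
}

# Typical use:
#   unpack_srpm selinux-policy-2.2.23-15.src.rpm ./srpm
#   expand_sources ./srpm
#   spec_plan ./srpm
```

Running rpmbuild -bp on the extracted spec file is the alternative when you want rpm itself to unpack the tree and apply the patch.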




SELinux by Example: Using Security Enhanced Linux
ISBN: 0131963694
EAN: 2147483647
Year: 2007
Pages: 154
