Re: Newbie: Using SELINUX to contain vmware

[Ken YANG <spng.yang@gmail.com>]

Louis Lam wrote:
> Hi Ken,
> 
> Thank you for your replies. I'll try that out.
> 
> About my system. My target is to use RHEL 5. But i have no restrictions to use FC either.
> 
> Pardon my ignorance, btw, what do you mean by the "upstream" vmware policy? Where may I be able to
> get it?

IMHO, "upstream" means reference policy svn trunk, you can get it through:

svn co http://oss.tresys.com/repos/refpolicy/trunk refpolicy

similarly, you can also user vmware[.te, .fc, .if] in EL5 policy source.


> 
> Thanks in advance,
> Louis
> 
> 
> --- Ken YANG <spng.yang@gmail.com> wrote:
> 
>> Louis Lam wrote:
>>> Hi All,
>>>
>>> I'm trying to use SELINUX to contain vmware. I'm a newbie to the "newer" modules based SELINUX
>>> under RHEL5/CenTOS5. I can see that there is a vmware.if defined but don't know how to build
>> the
>>> module vmware.pp. Not even sure if i'm on the correct track doing this. pl advice.
>> what is your system? in fedora, there is vmware module at default:
>>
>> -(:17:48:$)-> sudo semodule -l|grep vmware
>> vmware  1.1.1
>>
>> if your policy have not vmware module, you can build it from policy source:
>>
>> # cd "dir containg your vmware source policy"
>> (vmware.fc, vmware.te, vmware.if)
>>
>> # make -f /usr/share/selinux/devel/Makefile
>> (you must install selinux-policy-devel package first)
>>
>> # semodule -i vmware.pp
>> # restorecon -R -v "vmware relative directories"
>>
>>
>>> I'm trying to use SELINUX to contain the free vmplayer 2.0.0 downloadable from vmware site.
>> Has
>>> anyone succeeded in doing so? Maybe can point me to the right resources. Thanks.
>> through upstream vmware policy, i can run vmware-workstation 6 smoothly,
>> so i think vmplayer 2.0.0 is also ok.
>>
>>
>>> Thanks in Advance,
>>> Louis
>>>
>>> Send instant messages to your online friends http://uk.messenger.yahoo.com 
>>>
>>> --
>>> This message was distributed to subscribers of the selinux mailing list.
>>> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
>>> the words "unsubscribe selinux" without quotes as the message.
>>>
>>
>> --
>> This message was distributed to subscribers of the selinux mailing list.
>> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
>> the words "unsubscribe selinux" without quotes as the message.
>>
> 
> 
> Send instant messages to your online friends http://uk.messenger.yahoo.com 
> 


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.