From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from jazzhorn.ncsc.mil (mummy.ncsc.mil [144.51.88.129]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with SMTP id l66C3G9F013874 for ; Fri, 6 Jul 2007 08:03:16 -0400 Received: from nz-out-0506.google.com (jazzhorn.ncsc.mil [144.51.5.9]) by jazzhorn.ncsc.mil (8.12.10/8.12.10) with ESMTP id l66C3Gip020025 for ; Fri, 6 Jul 2007 12:03:16 GMT Received: by nz-out-0506.google.com with SMTP id l1so169181nzf for ; Fri, 06 Jul 2007 05:03:15 -0700 (PDT) Message-ID: <468E2E84.3000105@gmail.com> Date: Fri, 06 Jul 2007 19:59:00 +0800 From: Ken YANG MIME-Version: 1.0 To: Louis Lam CC: selinux@tycho.nsa.gov Subject: Re: Newbie: Using SELINUX to contain vmware References: <896266.60611.qm@web34805.mail.mud.yahoo.com> In-Reply-To: <896266.60611.qm@web34805.mail.mud.yahoo.com> Content-Type: text/plain; charset=ISO-8859-1 Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov Louis Lam wrote: > Hi Ken, > > Thank you for your replies. I'll try that out. > > About my system. My target is to use RHEL 5. But i have no restrictions to use FC either. > > Pardon my ignorance, btw, what do you mean by the "upstream" vmware policy? Where may I be able to > get it? IMHO, "upstream" means reference policy svn trunk, you can get it through: svn co http://oss.tresys.com/repos/refpolicy/trunk refpolicy similarly, you can also user vmware[.te, .fc, .if] in EL5 policy source. > > Thanks in advance, > Louis > > > --- Ken YANG wrote: > >> Louis Lam wrote: >>> Hi All, >>> >>> I'm trying to use SELINUX to contain vmware. I'm a newbie to the "newer" modules based SELINUX >>> under RHEL5/CenTOS5. I can see that there is a vmware.if defined but don't know how to build >> the >>> module vmware.pp. Not even sure if i'm on the correct track doing this. pl advice. >> what is your system? in fedora, there is vmware module at default: >> >> -(:17:48:$)-> sudo semodule -l|grep vmware >> vmware 1.1.1 >> >> if your policy have not vmware module, you can build it from policy source: >> >> # cd "dir containg your vmware source policy" >> (vmware.fc, vmware.te, vmware.if) >> >> # make -f /usr/share/selinux/devel/Makefile >> (you must install selinux-policy-devel package first) >> >> # semodule -i vmware.pp >> # restorecon -R -v "vmware relative directories" >> >> >>> I'm trying to use SELINUX to contain the free vmplayer 2.0.0 downloadable from vmware site. >> Has >>> anyone succeeded in doing so? Maybe can point me to the right resources. Thanks. >> through upstream vmware policy, i can run vmware-workstation 6 smoothly, >> so i think vmplayer 2.0.0 is also ok. >> >> >>> Thanks in Advance, >>> Louis >>> >>> Send instant messages to your online friends http://uk.messenger.yahoo.com >>> >>> -- >>> This message was distributed to subscribers of the selinux mailing list. >>> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with >>> the words "unsubscribe selinux" without quotes as the message. >>> >> >> -- >> This message was distributed to subscribers of the selinux mailing list. >> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with >> the words "unsubscribe selinux" without quotes as the message. >> > > > Send instant messages to your online friends http://uk.messenger.yahoo.com > -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.