externally usable interfaces from 3rd party policy modules

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Andy Warner <warner@rubix.com>
To: SE-Linux <selinux@tycho.nsa.gov>
Subject: externally usable interfaces from 3rd party policy modules
Date: Mon, 24 Nov 2008 17:59:02 +0100	[thread overview]
Message-ID: <492ADD56.1050403@rubix.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 1129 bytes --]

Is it possible to create a policy module, install it, and have its 
interfaces usable by other policy modules? In creating DBMS policy I 
would like to provide a high level interface to the DBMS user/developer 
that will allow them to create their site-specific DBMS policy in a 
modular fashion. At the same time I do not want to encourage them to 
directly edit the "base policy" for the DBMS.

In my attempt I simply created my "DBMS base policy" and installed it. I 
then created a "DBMS local policy" that uses interfaces from the DBMS 
base policy. The DBMS local policy fails to compile, failing at the 
first reference to an external interface. If I place all of the policy 
code in the DBMS base policy, everything works. Therefore, I am guessing 
that either there is no way to make the DBMS base policy interfaces 
externally usable or I need to perform an extra step that I am no aware of.

I realize I could modify the base fedora 9 policy and add my module, but 
this has been ruled out as an option.

As a side question, is it possible to generate the HTML "policy help" 
for my modules interfaces?

Thanks,

Andy

[-- Attachment #2: Type: text/html, Size: 1329 bytes --]

next             reply	other threads:[~2008-11-24 16:59 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-11-24 16:59 Andy Warner [this message]
2008-11-24 18:36 ` externally usable interfaces from 3rd party policy modules Joe Nall

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=492ADD56.1050403@rubix.com \
    --to=warner@rubix.com \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.