* What's a module exactly?
From: dE @ 2014-05-04 15:30 UTC
To: selinux

I'm trying to verify what I think cause I've not read about this yet --

A SELinux 'module' is like a C object file; each module has a purpose of defining policies for a certain program.

Each module may be made a separate policy or many modules can be integrated into one policy file (like what Fedora has done).

* Re: What's a module exactly?
From: Christopher J. PeBenito @ 2014-05-05 11:55 UTC
To: dE, selinux

On 05/04/2014 11:30 AM, dE wrote:
> I'm trying to verify what I think cause I've not read about this yet --
>
> A SELinux 'module' is like a C object file; each module has a purpose of defining policies for a certain program.
>
> Each module may be made a separate policy or many modules can be integrated into one policy file (like what Fedora has done).

If you're talking about modules as in .pp files, then yes, they're a similar concept to C object code. Each module has a chunk of policy, and then all the modules are linked together to create the final policy.2x.

There has to be at least one module in the policy, the base module. It is special in that all of the unconditional (not optional) dependencies must be met. There are also statements that only can exist in the base module, such as portcon, genfscon, and others.

Otherwise, what is actually contained in each module is up to the policy writer. The modules tend to correspond to software packages. For example, in Reference Policy, there is an apache module which should constrain apache, a samba module for samba, etc.

--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

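A minimal non-base module source illustrating the reply above, as an added example that is not part of the thread or of Reference Policy. The `myapp` names are hypothetical, and it assumes `var_log_t` and `httpd_t` are types declared by other modules in the policy it is linked into.

```selinux
# myapp.te: source for a non-base module (all myapp_* names are hypothetical).
# Build and load with the standard tools:
#   checkmodule -M -m -o myapp.mod myapp.te
#   semodule_package -o myapp.pp -m myapp.mod
#   semodule -i myapp.pp
module myapp 1.0;

# Unconditional dependencies: symbols this module uses but does not declare.
# Linking fails unless the base module or another module provides them.
# Assumption: var_log_t is declared elsewhere in the loaded policy.
require {
	type var_log_t;
	class dir search;
	class file { getattr open read };
}

# Symbols this module contributes to the linked policy.
type myapp_t;
type myapp_log_t;

allow myapp_t var_log_t:dir search;
allow myapp_t myapp_log_t:file { getattr open read };

# Optional dependency: if no loaded module declares httpd_t (assumed to
# come from an apache module), this block is dropped at link time and
# the rest of the module still links.
optional {
	require {
		type httpd_t;
	}
	allow httpd_t myapp_log_t:file { getattr open read };
}

# Statements such as portcon and genfscon are not written here; as the
# reply above notes, they can only exist in the base module.
```
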
* Re: What's a module exactly?
From: dE @ 2014-05-06 5:45 UTC
To: selinux

On 05/05/14 17:25, Christopher J. PeBenito wrote:
> On 05/04/2014 11:30 AM, dE wrote:
>> I'm trying to verify what I think cause I've not read about this yet --
>>
>> A SELinux 'module' is like a C object file; each module has a purpose of defining policies for a certain program.
>>
>> Each module may be made a separate policy or many modules can be integrated into one policy file (like what Fedora has done).
> If you're talking about modules as in .pp files, then yes, they're a similar concept to C object code. Each module has a chunk of policy, and then all the modules are linked together to create the final policy.2x.
>
> There has to be at least one module in the policy, the base module. It is special in that all of the unconditional (not optional) dependencies must be met. There are also statements that only can exist in the base module, such as portcon, genfscon, and others.
>
> Otherwise, what is actually contained in each module is up to the policy writer. The modules tend to correspond to software packages. For example, in Reference Policy, there is an apache module which should constrain apache, a samba module for samba, etc.
>

Thanks for clarifying that!