Subject: Re: Does it matter where .cil modules are build.
To: Miroslav Grepl, James Carter, selinux@tycho.nsa.gov
From: Dan
Date: Mon, 3 Aug 2015 20:08:14 -0400

Oh okay, cool, I understand now. It just built and everything went smoothly.
Thanks guys.

On 08/03/2015 02:21 AM, Miroslav Grepl wrote:
> On 07/31/2015 10:26 PM, Dan wrote:
>> Yeah, I'm just looking to build SELinux policies to confine applications,
>> etc., with the CIL language and nothing else, so when you say the policy
>> store, is that the /var/lib/selinux/targeted/active/modules/400 directory?
>>
>> On 07/31/2015 10:13 AM, James Carter wrote:
>>> On 07/31/2015 12:56 AM, Dan wrote:
>>>> Hello everyone,
>>>>
>>>> I have been reading up on the CIL documentation and am starting to get
>>>> the hang of it and have successfully built my first module. I have a
>>>> module called test.cil. Now my only question is where exactly would I
>>>> put this module to build it, or does it not matter where you stick them
>>>> at? I know when you take the .pp packages and convert them to .cil they
>>>> get stored in /var/lib/selinux/targeted/active/modules/400, but I'm just
>>>> using the secilc compiler and nothing else to build policy.
>
> /var/lib/selinux is a default location for your module store. It can be
> changed in semanage.conf.
>
> Basically, if you want to add a local policy module, just use
>
> # semodule -i mypol.cil
>
> This module will be loaded with the default priority for custom policies.
>
> # semodule --list-module=full |grep mypol
> 400 mypol cil
>
>>> If you are using the CIL compiler to build the whole policy, then it
>>> doesn't matter where the files are located. Just specify all of the
>>> files that are part of the policy on the command line for secilc.
>>>
>>> Do note that the CIL compiler does not build modules, it builds the
>>> complete policy, so if you are only building a module then it should
>>> go into the policy store. You should also use the policy store if you
>>> want to use the management functions of semanage.
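
Added example, not part of the original thread or of the SELinux userspace code: a small audit over the full module listing that reports which copy of each module is active, which modules sit at the custom priority (400, as in the thread), and which of those shadow a lower-priority copy of the same name. The sample listing is constructed, and treating "priority 400 or higher" as "local" is an assumption of this sketch.

```python
"""Audit full `semodule` listing output for local and overriding modules."""
from collections import defaultdict

CUSTOM_PRIORITY = 400  # default priority for custom modules, per the thread

# Constructed sample listing (priority, name, language); not from a real host.
SAMPLE_LISTING = """\
100 apache            pp
100 base              pp
400 apache            cil
400 mypol             cil
"""


def parse_listing(text):
    """Return {name: [(priority, lang), ...]} from full-listing output."""
    modules = defaultdict(list)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or not fields[0].isdigit():
            continue  # skip blank or unexpected lines
        modules[fields[1]].append((int(fields[0]), fields[2]))
    return modules


def audit(text):
    """Return (active copy per module, local modules, overriding modules)."""
    active, local, overrides = {}, [], []
    for name, copies in sorted(parse_listing(text).items()):
        copies.sort(reverse=True)  # the highest-priority copy is the one used
        prio, lang = copies[0]
        active[name] = (prio, lang)
        if prio >= CUSTOM_PRIORITY:  # assumption: 400+ means locally installed
            local.append(name)
            if len(copies) > 1:
                overrides.append(name)  # shadows a lower-priority copy
    return active, local, overrides


if __name__ == "__main__":
    active, local, overrides = audit(SAMPLE_LISTING)
    print("local modules:", local)
    print("overriding lower-priority modules:", overrides)
```

On a real system, feed `audit()` the captured output of the listing command instead of `SAMPLE_LISTING`; an unexpected name in the overrides list means a local module has replaced a policy module of the same name.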