Simplicity is a form of art...

Intermediate policies
by Sven Vermeulen, post on Sun 05 July 2015

When developing SELinux policies for new software (or for existing software whose policies I don't agree with), it is often more difficult to finish the policies so that they are broadly usable. When dealing with personal policies, having them "just work" is often sufficient. To make the policies reusable for distributions (or for the upstream project), a number of things are necessary:

  • Structure the policy in the style suggested by refpolicy or Gentoo
  • Add the role interfaces that are most likely to be used or required, or which are implemented differently in the current draft
  • Refactor some of the policies to use refpolicy/Gentoo style interfaces
  • Remove the comments from the policies (as refpolicy does not want overly verbose policies)
  • Change or update the file context definitions for default installations (rather than the custom installations I use)
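As an added illustration (not code from the original post or from refpolicy itself), this is roughly what a refpolicy-style role interface and a default-installation file context look like once the cleanup steps above are applied. The module name `myapp`, its types `myapp_t` and `myapp_exec_t`, and both paths are hypothetical. The `## <summary>` headers are interface documentation that refpolicy-style interfaces carry, so they stay even when free-form comments are removed.

```m4
# ---- myapp.if (hypothetical module) ----

########################################
## <summary>
##	Role access for myapp.
## </summary>
## <param name="role">
##	<summary>
##	Role allowed access.
##	</summary>
## </param>
## <param name="domain">
##	<summary>
##	User domain for the role.
##	</summary>
## </param>
#
interface(`myapp_role',`
	gen_require(`
		type myapp_t, myapp_exec_t;
	')

	role $1 types myapp_t;

	domtrans_pattern($2, myapp_exec_t, myapp_t)

	ps_process_pattern($2, myapp_t)
	allow $2 myapp_t:process signal_perms;
')

# ---- myapp.fc (hypothetical module) ----

# Personal draft, matching a custom installation under /opt:
#   /opt/myapp/bin/myapp	--	gen_context(system_u:object_r:myapp_exec_t,s0)
# Reusable version, matching a default package installation:
/usr/bin/myapp	--	gen_context(system_u:object_r:myapp_exec_t,s0)
```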