I used the command below to generate a policy file:
ausearch -ts today |audit2allow -M sample
It will generate two files: sample.te and sample.pp
The sample.te contains lines such as:
allow container_t unlabeled_t:dir { add_name create remove_name rename write };
I want to edit this line to add a "read" permission:
allow container_t unlabeled_t:dir { add_name create remove_name rename write read};
But I don't know how to compile the .te file into a .pp file so that I can apply it (used later in other nodes as well).
The audit2allow man page explains how to compile a module. If you are not using reference policy macros, you can directly use checkmodule (SELinux policy compiler) and semodule_package (packager):
checkmodule -M -m -o sample.mod sample.te
semodule_package -o sample.pp -m sample.mod
If you have reference policy macros in your policy file (used -R option for audit2allow or added macros in your modifications), you need to have the policy development files (selinux-policy-dev package) installed and use the provided makefile:
make -f /usr/share/selinux/devel/Makefile sample.pp
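The two build paths from the answer above, combined into one script as an added example (not part of the original answer). The function names are hypothetical, the sample .te content is constructed, and detecting macro use by a `policy_module(` or `gen_require(` line is an assumption about how such files look.

```shell
#!/bin/sh
# Added example; function names are hypothetical, commands and paths are the answer's.
DEVEL_MAKEFILE=/usr/share/selinux/devel/Makefile

# Constructed sample: a plain (non-macro) module with the edited allow rule.
write_sample_te() {
    cat > "$1" <<'EOF'
module sample 1.0;

require {
	type container_t;
	type unlabeled_t;
	class dir { add_name create remove_name rename write read };
}

allow container_t unlabeled_t:dir { add_name create remove_name rename write read };
EOF
}

# Assumption: a source using reference policy macros is recognisable by a
# policy_module(...) header or a gen_require(...) block.
detect_build_method() {
    if grep -Eq '^[[:space:]]*(policy_module|gen_require)\(' "$1"; then
        echo makefile
    else
        echo checkmodule
    fi
}

# Usage: build_module sample.te   (run in the directory holding the .te file)
build_module() {
    name=${1%.te}
    case $(detect_build_method "$1") in
    makefile)
        [ -f "$DEVEL_MAKEFILE" ] || {
            echo "missing $DEVEL_MAKEFILE: install the policy development files" >&2
            return 1
        }
        make -f "$DEVEL_MAKEFILE" "$name.pp" ;;
    checkmodule)
        command -v checkmodule >/dev/null || { echo "checkmodule not found" >&2; return 1; }
        checkmodule -M -m -o "$name.mod" "$1" &&
            semodule_package -o "$name.pp" -m "$name.mod" ;;
    esac
}
```

The resulting sample.pp can be copied to the other nodes and loaded there with `semodule -i sample.pp`.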