Hi All,

I am looking for SELinux source code which could be used to port on CentOS 7.4 and can be use for writing our own SELinux module for our application. I have tried various reference policies but nothing helped me for example: gentoo, tresys reference policy etc.

Can anybody please help me. Any help would be really very helpful for me.

BR, Vishwa

Welcome to LQ.

The CentOS source code is in "Vault"
http://vault.centos.org/7.5.1804/

The latest SELinux is in updates:
selinux-policy-3.13.1-192.el7_5.3.src.rpm
http://vault.centos.org/7.5.1804/upd...rce/SPackages/

You can read about the latest additions in the file selinux-policy.spec, from line 658.

-

I don't think reading the source is going to help you. Start by reading the CentOS wiki on the subject.
https://wiki.centos.org/HowTos/SELinux

I rely heavily on the audit2allow tool. You're going to need to understand the basics -- don't expect that modifying some other sample is going to get you very far.

Hi,

Thanks for your reply.

I have compiled and successfully installed the policy. Now I am able to up my system in permissive mode but in enforcing mode my system get blocked on device manager and not booting up.

Though I have started writing policy module in permissive mode with the same version of development package as source. but while inserting module it is giving error when my policy is selected as refpolicy in config file.

when I switched to targeted the policy module insertion is successful.

error using refpolicy is:

[root@localhost myapp]# make
Compiling refpolicy myapp module
/usr/bin/checkmodule: loading policy configuration from tmp/myapp.tmp
/usr/bin/checkmodule: policy configuration loaded
/usr/bin/checkmodule: writing binary representation (version 19) to tmp/myapp.mod
Creating refpolicy myapp.pp policy package
rm tmp/myapp.mod.fc tmp/myapp.mod

[root@localhost myapp]# semodule -i myapp.pp
Failed to resolve typeattributeset statement at /etc/selinux/refpolicy/tmp/modules/400/myapp/cil:23
semodule: Failed!

Please help.

Regards,
Vishwa