diff --git a/README b/README index 9b43465..6901c33 100644 --- a/README +++ b/README @@ -53,6 +53,13 @@ load Compile, package, and install the base module and validate Validate if the configured modules can successfully link and expand. +install-headers Install the policy headers into /usr/share/selinux/NAME. + The headers are sufficient for building a policy + module locally, without requiring the complete + Reference Policy sources. The build.conf settings + for this policy configuration should be set before + using this target. + Make targets specific to monolithic policies: policy Compile a policy locally for development and testing. 
@@ -207,3 +214,46 @@ policy/support/* Support macros. policy/users This file defines the users included in the policy. support/* Tools used in the build process. + + +4) Building policy modules using Reference Policy headers: + +The system must first have the Reference Policy headers installed, typically +by the distribution. Otherwise, the headers can be installed using the +install-headers target from the full Reference Policy sources. + +To set up a directory to build a local module, one must simply place a .te +file in a directory. A sample Makefile to use in the directory is the +Makefile.example in the doc directory. This may be installed in +/usr/share/doc, under the directory for the distribution's policy. +Alternatively, the primary Makefile in the headers directory (typically +/usr/share/selinux/NAME/Makefile) can be called directly, using make's -f +option. + +Larger projects can set up a structure of layers, just as in Reference +Policy, by creating policy/modules/LAYERNAME directories. Each layer also +must have a metadata.xml file which is an XML file with a summary tag and +optional desc (long description) tag. This should describe the purpose of +the layer. + +Metadata.xml example: + +ABC modules for the XYZ components. + +Make targets for modules built from headers: + +MODULENAME.pp Compile and package the MODULENAME local module. + +all Compile and package the modules in the current + directory. + +load Compile and package the modules in the current + directory, then insert them into the module store. + +refresh Attempts to reinsert all modules that are currently + in the module store from the local and system module + packages. + +xml Build a policy.xml from the XML included with the + base policy headers and any XML in the modules in + the current directory.
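Review bot: In the install-headers entry added by the first hunk, NAME in /usr/share/selinux/NAME is never defined, and "The build.conf settings for this policy configuration should be set before using this target" does not say which settings matter. Suggest stating where NAME comes from and naming the build.conf options that affect the installed headers, so that someone building a local module can tell which policy configuration a given set of headers corresponds to.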
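Review bot: In the new section 4, the text under "Metadata.xml example:" is only "ABC modules for the XYZ components." with no XML around it, although the paragraph above says the file must contain a summary tag. Suggest showing that sentence wrapped in the summary tag so the example is a usable file, and matching the "metadata.xml" capitalisation used in that paragraph. Separately, the load and refresh entries insert into the module store, while MODULENAME.pp and all only build in the current directory. It would help to say so explicitly and note what privileges those two targets need.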