Is it possible to create a policy module, install it, and have its interfaces usable by other policy modules? In creating DBMS policy I would like to provide a high level interface to the DBMS user/developer that will allow them to create their site-specific DBMS policy in a modular fashion. At the same time I do not want to encourage them to directly edit the "base policy" for the DBMS.

In my attempt I simply created my "DBMS base policy" and installed it. I then created a "DBMS local policy" that uses interfaces from the DBMS base policy. The DBMS local policy fails to compile, failing at the first reference to an external interface. If I place all of the policy code in the DBMS base policy, everything works. Therefore, I am guessing that either there is no way to make the DBMS base policy interfaces externally usable or I need to perform an extra step that I am no aware of.

I realize I could modify the base fedora 9 policy and add my module, but this has been ruled out as an option.

As a side question, is it possible to generate the HTML "policy help" for my modules interfaces?

Thanks,

Andy

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.