Adding build-time policy decisions
The last enhancement we might want to look at is build-time policy decisions. Unlike SELinux Booleans, these are policy blocks that are enabled (or disabled) based on build parameters. We have encountered a few of these in the past already, namely enable_mcs, enable_mls as well as distribution selection parameters, such as distro_gentoo or distro_redhat.
In this recipe, we will enable the xdg_manage_downloads_home call but only when the policy is built for a Gentoo system.
How to do it…
Build-time decisions are added to the policy using ifdef statements, as can be seen through the next set of steps:
- Open myskype.te and add in the following block of code:

    ifdef(`distro_gentoo',`
      xdg_manage_downloads_home(skype_t)
    ...
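The following is an added example, not code from the book: it runs a constructed copy of the ifdef block through m4 to check whether the Gentoo-only call ends up in the expanded policy source. It assumes the build hands the distribution to m4 as -D distro_<name> (as the reference policy build does) and that the block is closed with ') right after the call; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed fragment modelled on the recipe's myskype.te block.
# Assumption: the ifdef is closed with "')" directly after the call.
policy_fragment() {
cat <<'EOF'
ifdef(`distro_gentoo',`
	xdg_manage_downloads_home(skype_t)
')
EOF
}

# Expand the fragment the way a policy build would, passing any
# build parameters (for example: -D distro_gentoo) straight to m4.
expand_policy() {
	policy_fragment | m4 "$@"
}

# Succeeds (exit status 0) only if the conditional call survived expansion.
has_downloads_rule() {
	expand_policy "$@" | grep -q 'xdg_manage_downloads_home(skype_t)'
}

# Report the outcome for several build parameters. The misspelled
# distro_Gentoo shows that an unknown parameter drops the block silently:
# m4 raises no error, the rule is simply not in the built policy.
for param in distro_gentoo distro_redhat distro_Gentoo; do
	if has_downloads_rule -D "$param"; then
		state=included
	else
		state=omitted
	fi
	echo "$param: xdg_manage_downloads_home(skype_t) $state"
done
```

Because a disabled ifdef block leaves no trace in the expanded source, checking the expansion like this is a quick way to confirm which rules a given build actually grants to skype_t.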