selinux: Document how to quickly iterate policy changes
Knowing what to change in the policy is often not quite obvious, and takes several attempts. Show how to do this much more quickly than repeated rpm/image builds.
This commit is contained in:
parent
a324b3fa3b
commit
02051cfa0a
|
@ -0,0 +1,11 @@
|
|||
# Changing cockpit's SELinux policy
|
||||
|
||||
The clean way is to edit the policy files and then rebuild the rpms and image with
|
||||
`test/image-prepare -q fedora-XX`.
|
||||
|
||||
To iterate more quickly, locally `./configure` the build tree with
|
||||
`--enable-selinux-policy=targeted`, then you can quickly recompile and install
|
||||
the policy into the `c` SSH target with:
|
||||
```sh
|
||||
make cockpit.pp && scp cockpit.pp c:/tmp/ && ssh c semodule -i /tmp/cockpit.pp
|
||||
```
|
Loading…
Reference in New Issue