SELinux modification




In-Reply-To: : <44457936.4090207@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>


On Tue, 18 Apr 2006 19:41:42 -0400,
William Warren <hescominsoon@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

> I installed SELinux in warn mode.  How do I check to see what it
> is warning about?  This will help me make a decision to turn it
> to active mode..:)

Try this:

$ audit2allow --help
audit2allow [-d] [-v] [-l] [-i <inputfile> ] [-o <outputfile>]
        -d      read input from output of /bin/dmesg
        -v      verbose output
        -l      read input only after last "load_policy"
        -i      read input from <inputfile>
        -o      append output to <outputfile>

$ audit2allow -v -l -i /var/log/messages

This will not only tell you what SELinux is complaining about, it will
give you the basic information needed to configure your local policy file
in:

/etc/selinux/targeted/src/policy/domains/misc/local.te

To implement policy changes, edit the local.te file as indicated by
audit2allow and rebuild your SELinux policy files with:

$ make -C /etc/selinux/targeted/src/policy reload

Be advised, however, that audit2allow may suggest policy alterations that
are broader than strictly necessary.  It is probably worth your while to
post your contemplated policy changes here and get some informed opinions
about whether they actually should be more restrictive.

To do any of this you need to first install the selinux-policy-targeted rpm.

Regards,
Jim


-- 
***     e-mail is NOT a secure channel     ***
James B. Byrne                mailto:ByrneJB.<token>@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3CE               delivery <token> = hal
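
An added example, not part of the original message and not audit2allow's own code: a short Python script that groups AVC denials by source type, target type and object class, renders the allow rule each group would need, and lists the processes and object names that triggered it, so the breadth of a rule can be judged before it goes into local.te. The log lines are constructed samples in the kernel AVC format; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the kernel AVC format seen in /var/log/messages.
SAMPLE_LOG = """\
Apr 18 19:02:11 host kernel: audit(1145401331.123:2): avc:  denied  { read } for  pid=2311 comm="httpd" name="index.html" dev=dm-0 ino=1201 scontext=root:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=file
Apr 18 19:02:14 host kernel: audit(1145401334.456:3): avc:  denied  { read write } for  pid=2311 comm="httpd" name="guestbook.txt" dev=dm-0 ino=1207 scontext=root:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=file
Apr 18 19:02:15 host kernel: audit(1145401335.789:4): avc:  denied  { search } for  pid=2311 comm="httpd" name="public_html" dev=dm-0 ino=1190 scontext=root:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=dir
Apr 18 19:03:00 host sshd[2400]: Accepted password for bob from 192.0.2.10 port 4022 ssh2
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)')
COMM_RE = re.compile(r'comm="?([^"\s]+)"?')
NAME_RE = re.compile(r'\bname="?([^"\s]+)"?')

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def summarize_denials(lines):
    """Group AVC denials by (source type, target type, object class)."""
    summary = defaultdict(lambda: {"perms": set(), "comms": set(), "names": set()})
    for line in lines:
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial, e.g. the sshd line in the sample
        key = (context_type(m["scon"]), context_type(m["tcon"]), m["tclass"])
        entry = summary[key]
        entry["perms"].update(m["perms"].split())
        for regex, field in ((COMM_RE, "comms"), (NAME_RE, "names")):
            found = regex.search(line)
            if found:
                entry[field].add(found.group(1))
    return dict(summary)

def candidate_rules(summary):
    """Render each group as the allow rule that would silence its denials."""
    return ["allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(e["perms"])))
            for (s, t, c), e in sorted(summary.items())]

if __name__ == "__main__":
    summary = summarize_denials(SAMPLE_LOG.splitlines())
    for key, rule in zip(sorted(summary), candidate_rules(summary)):
        e = summary[key]
        print(rule)
        print("    # processes: %s; objects: %s" % (sorted(e["comms"]), sorted(e["names"])))
```

In the sample, two files caused the denials, yet the resulting file rule would let httpd_t read and write every object labelled user_home_t, which is the kind of over-broad suggestion the message cautions about.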

