On Mon, May 5, 2008 at 12:42 PM, Ingemar Nilsson <init@xxxxxx> wrote:
> Lots of questions, but the documentation on this subject isn't exactly
> stellar. :)
With CentOS 5, you don't really need the selinux module source
anymore. It's usually enough to clear the logs and in permissive mode,
run the offending application. Then 'grep yourapp
/var/log/audit/audit.log | audit2allow -M localmodname'. Check the
module for sanity and make sure it's not allowing god-knows-what, then
semodule -i localmodname. It'll be there on reboot from now on. no
need (although it's a good idea) to keep the module file hanging
around.
--
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
