Re: What to do if a package needs a modified SELinux policy?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/30/2011 04:52 AM, Kurt Seifried wrote:
> I'm experimenting with a package that needs to have rsyslog write to a
> named fifo pipe (so log data can be handed off from rsyslog to an
> external program). As I see it the options are:
> 
> 1) apologize to the user and tell them to disable SELinux (no thanks)
> 2) get Fedora SELinux policy to add an exception (best case scenario I think)
> 3) tell the user how to manually modify policy and update it (which
> might then break the next SELinux policy gets updated/etc.).
> 
> Is there any official process/advice for this? Thanks in advance.
> 
> -Kurt
I would just request the policy to be updated to allow this.

Which policy version/OS are you dealing with?

It should be a mere matter of labeling the fifo_file with the
appropriate label to allow syslog to write. The real question is who is
on the other end of the fifo file listing for syslog messages?

We probably would need to write policy for this app.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk3lAAoACgkQrlYvE4MpobOPeACgwpcmM8ITastd4pUFq0K0dcHi
x2AAmgKjHX7smj2U0ZbIaB7PWiTsxcam
=EiNE
-----END PGP SIGNATURE-----
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux