On Tue, 2017-08-15 at 21:50 +0300, Joonas Sarajärvi wrote: > Adam Williamson kirjoitti 15.08.2017 klo 02:37: > > Of course, for day-to-day Rawhide users, booting with 'enforcing=0' can > > work around these issues for now (or you could, I suppose, create a > > local policy that just blanket allowed the 'map' permission in all > > cases, so all other SELinux restrictions would remain in place). > > For those less familiar with SELinux but still using it and wishing to > keep things that way, it would be awesome to have a quick summary (or > just pointer to documentation) on how you do this. It sounds like a > fairly straightforward task to describe if you know your way around SELinux. Welp, that's me busted: I would've had to look up specifically how to do this, and I was too lazy to. :P I do create custom policies very occasionally, but not often enough to remember exactly how to do it off the top of my head (I always have to look it up), and I don't think I've tried one which just blanket allows a permission in *all* cases before. The reference I usually start from, FWIW, is: https://wiki.centos.org/HowTos/SELinux#head-aa437f65e1c7873cddbafd9e9a73bbf9d102c072 There are various other references (mainly in RHEL and SELinux documentation) that you can find by googling stuff like 'selinux custom policy', and with the help of those I usually muddle through... -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
