On 6/24/20 12:03 PM, Iñaki Ucar wrote:
Thanks. I found another tutorial (from RedHat) which basically says: 1. Implement your service, give it a new SELinux type and run it. 2. Collect all the complaints from SELinux. 3. Use audit2allow to convert them to rules. 4. Repeat until you don't get any more complaints. And I cannot believe my eyes. Is this *really* the way to implement SELinux policies? It seems like a joke to me. Isn't there any notion of inheritance or something like that? Like, I want my type to have
I suppose that's the "easy" way. The better way would be to figure out what permissions and transitions your service needs and write the rules for that.
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
