James Morris <jmorris@xxxxxxxxxx> writes: > This guideline would request that developers test their package with > SELinux enabled (and by this I mean in enforcing mode) and follow a simple > procedure: > > 1. Ensure they have the latest SELiunx policy installed. > 2. Boot with selinux=1 and in enforcing mode. > 3. Perform the normal testing of their application. Using which policy? targeted? strict? mls? Testing with "targeted" should be a "MUST" requirement IMHO, but requiring "strict" or "mls" will cause problems. > 4. Check syslog (or /var/log/audit/audit.log if audit is enabled) for AVC > messages related to their package. Gruß, Uli
Attachment:
pgp40dKcZMGwA.pgp
Description: PGP signature
-- Fedora-packaging mailing list Fedora-packaging@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-packaging
