On Mon, 03 May 2004 02:45:39 +1000, Russell Coker said: > On Wed, 28 Apr 2004 03:52, Valdis.Kletnieks@xxxxxx wrote: > > Has anybody already done a policy file for Tripwire or its > > open-sourced replacement 'aide'? > > Why not run it in the domain backup_t? Tripwire and backup programs both need > read access to all files.. Good hint - I'll have to chase that. Looks like it's almost but not quite what I want - looks like a few lines of tweaking should suffice (I'm pretty sure that can_network can be heaved over the side of the .te file, and I need other directories labeled with backup_store_t in the .fc file).
Attachment:
pgpbO2CwcdyGB.pgp
Description: PGP signature
