>>> Stephen Smalley <sds@xxxxxxxxxxxxx> 01/11/07 3:07 PM >>> >audit2allow -M local < /var/log/messages >semodule -i local.pp Wow that makes life simple. Thanks a lot! >Did you look at the Fedora SELinux FAQ and wiki pages? >http://fedora.redhat.com/docs/selinux-faq-fc5/ >http://fedoraproject.org/wiki/SELinux/ Actually I did not know about these (the HOWTO's I found was a policy HOWTO and a general (focused on debian) SELinux introduction). This look like great resources though. > Are you actually using strict policy? It isn't the default in Fedora. Ah that explains it. I actually got confused with the versions (installed the strict src from fc3 by accident, targeted wouldn't install) and that explains why my last attempt didn't work. I confirmed and it is setup to use targeted. Though the loadable modules that I now know about make doing this much easier anyways. >nfs_t is a file type, not a process domain, and you want to allow >mount_t to read nfs_t:file, not transition into it. Gotcha. From the documentation I read it made it seem like the _t denoted a domain. Guess I have some more reading to do to fully understand everything that is going on. Thanks for your help and quick response! It's now working, and I"m going to do some more research to learn more about SE Linux now that I'm not fighting with it :) --Matthew Shapiro -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
