On Thu, 2007-01-11 at 16:04 -0500, Matthew Shapiro wrote:
> >>> Stephen Smalley <sds@xxxxxxxxxxxxx> 01/11/07 3:07 PM >>>
> >audit2allow -M local < /var/log/messages
> >semodule -i local.pp
>
> Wow that makes life simple. Thanks a lot!
>
> >Did you look at the Fedora SELinux FAQ and wiki pages?
> >http://fedora.redhat.com/docs/selinux-faq-fc5/
> >http://fedoraproject.org/wiki/SELinux/
>
> Actually I did not know about these (the HOWTOs I found were a policy
> HOWTO and a general (focused on Debian) SELinux introduction). These
> look like great resources though.
>
> > Are you actually using strict policy? It isn't the default in Fedora.
>
> Ah that explains it. I actually got confused with the versions
> (installed the strict src from fc3 by accident, targeted wouldn't
> install) and that explains why my last attempt didn't work. I
> confirmed and it is set up to use targeted. Though the loadable modules
> that I now know about make doing this much easier anyways.
>
> >nfs_t is a file type, not a process domain, and you want to allow
> >mount_t to read nfs_t:file, not transition into it.
>
> Gotcha. From the documentation I read it made it seem like the _t
> denoted a domain. Guess I have some more reading to do to fully
> understand everything that is going on.

A domain is just a kind of type, specifically a process type. SELinux
collapses the two concepts together.

--
Stephen Smalley
National Security Agency