On Mon, 2007-07-23 at 09:41 -0500, Justin Conover wrote:
> Another question, does doing this audit2allow method sort of mean "I
> have no idea what I'm doing, so allow it all", or is that why it
> caught the hald_t memory portion and said NO, don't do this!

As per the audit2allow man page, you should think through the rules generated by audit2allow, not just blindly take them. The neverallow statements (aka assertions) in the base policy will catch certain kinds of dangerous access or malformed rules, but are certainly not exhaustive.

Mapping the low-level allow rules to higher-level abstractions is something you get from using reference policy, if you use the reference policy interfaces. You might try running audit2allow with the -R option to try to have it generate calls to reference policy interfaces. What version of audit2allow are you using?

You may want to try SLIDE for policy writing, as it makes it much easier to search reference policy interfaces, access the inline documentation, etc.

--
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
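The following is an added example, not code from the thread or from the audit2allow tool itself. It is a small Python re-implementation of the three steps the reply above describes: turning raw AVC denials into allow rules (what audit2allow does by default), checking those rules against base-policy assertions (the neverallow statements that caught the hald_t memory denial), and trying to express the survivors as reference policy interface calls (what audit2allow -R attempts). The AVC lines are constructed sample input in the Linux audit-log format; the assertion list and the interface lookup table are deliberately tiny stand-ins for the real refpolicy neverallow set and interface files, and the interface names in the table are assumptions you should confirm with SLIDE or by grepping refpolicy's .if files.

```python
import re

# Constructed AVC denial lines (sample input, not taken from the original post).
# Two of them are the kind of executable-memory access that base-policy
# assertions reject; two are ordinary raw disk access that maps cleanly to a
# reference policy interface.
SAMPLE_AVC = """\
type=AVC msg=audit(1185198000.101:40): avc:  denied  { execmem } for  pid=2190 comm="hald" scontext=system_u:system_r:hald_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=process
type=AVC msg=audit(1185198000.102:41): avc:  denied  { read } for  pid=2190 comm="hald" name="sda" dev=tmpfs ino=4099 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
type=AVC msg=audit(1185198000.103:42): avc:  denied  { write } for  pid=2190 comm="hald" name="sda" dev=tmpfs ino=4099 scontext=system_u:system_r:hald_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
type=AVC msg=audit(1185198000.104:43): avc:  denied  { execheap } for  pid=2190 comm="hald" scontext=system_u:system_r:hald_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=process
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

# Constructed stand-in for the base-policy assertions (neverallow rules).
# The real set lives in the policy sources and is much larger.
ASSERTIONS = [
    {"source": "*", "target": "self", "tclass": "process",
     "perms": {"execmem", "execheap", "execstack"},
     "reason": "executable anonymous/heap/stack memory in a daemon domain"},
]

# Constructed lookup table standing in for audit2allow -R's interface search.
# Interface names are assumptions; verify them against refpolicy's storage.if.
INTERFACE_TABLE = {
    ("fixed_disk_device_t", "blk_file", frozenset({"read", "write"})): "storage_raw_rw_fixed_disk",
    ("fixed_disk_device_t", "blk_file", frozenset({"read"})): "storage_raw_read_fixed_disk",
}


def type_of(context):
    """Extract the type field from a user:role:type:level security context."""
    return context.split(":")[2]


def parse_avc(text):
    """Collapse AVC denials into {(source_type, target_type, tclass): {perms}}.

    Denials whose target type equals the source type are keyed as 'self',
    matching how audit2allow renders them."""
    rules = {}
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        src = type_of(m["scontext"])
        tgt = type_of(m["tcontext"])
        key = (src, "self" if tgt == src else tgt, m["tclass"])
        rules.setdefault(key, set()).update(m["perms"].split())
    return rules


def render_allow(rules):
    """Render rules as allow statements in the same shape audit2allow prints."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        p = sorted(perms)
        perm_str = p[0] if len(p) == 1 else "{ %s }" % " ".join(p)
        out.append("allow %s %s:%s %s;" % (src, tgt, cls, perm_str))
    return out


def check_assertions(rules, assertions=ASSERTIONS):
    """Return (src, tgt, cls, offending_perms, reason) for each rule an
    assertion would reject. An empty result does not mean the rule is safe,
    only that none of the listed assertions caught it."""
    violations = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        for a in assertions:
            if a["source"] in ("*", src) and a["target"] == tgt and a["tclass"] == cls:
                hit = perms & a["perms"]
                if hit:
                    violations.append((src, tgt, cls, sorted(hit), a["reason"]))
    return violations


def suggest_interfaces(rules, table=INTERFACE_TABLE):
    """Replace rules that exactly match a known interface with a call to it;
    anything unmatched is returned so it can be reviewed as a raw allow."""
    calls, leftover = [], {}
    for (src, tgt, cls), perms in sorted(rules.items()):
        name = table.get((tgt, cls, frozenset(perms)))
        if name:
            calls.append("%s(%s)" % (name, src))
        else:
            leftover[(src, tgt, cls)] = perms
    return calls, leftover


if __name__ == "__main__":
    rules = parse_avc(SAMPLE_AVC)
    print("\n".join(render_allow(rules)))
    for v in check_assertions(rules):
        print("REJECTED by assertion:", v)
    calls, leftover = suggest_interfaces(rules)
    print("interface calls:", calls)
    print("still raw:", render_allow(leftover))
```

Running it shows why the reply warns against taking audit2allow output blindly: the raw disk access collapses into a single interface call that a reviewer can recognise, while the execmem/execheap rule is exactly the one an assertion rejects and should be investigated (why is hald mapping executable memory?) rather than allowed.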