Q: Can any SELinux directive be put into a policy module, or are there restrictions? For example: suppose I wanted to:

    allow snmpd_t apmd_t:process ptrace;
    allow snmpd_t auditd_t:process ptrace;
    allow snmpd_t automount_t:process ptrace;
    [ …and so on ]

so that snmpd could access mib .1.3.6.1.2.1.6. (advisability notwithstanding)

Could these directives be put into a policy module even though the base policy already has an snmpd i/f?

Q: Can a module define new booleans? If so, are they persistent if the module is unloaded and reloaded? For example: an snmpd policy module with an snmpd_can_ptrace boolean. Are there namespace conventions?

Q: What happens if the base policy (or another policy module) is updated with overlapping statements? Am I correct in believing that the set of allows is the union of the base allows + all module allows?

--rich
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list