> I don't think you want an alias (i.e. two names for the
> same domain) but
> rather another domain that is unconfined as well. Use
> unconfined_domain().
sshd_t is defined this way in Redhat policy, I learn from the masters :)
$ cd /home/vvc/rpmbuild/BUILD/serefpolicy-2.4.6/policy/modules/services
$ grep sshd_t ssh.te |grep domain
unconfined_alias_domain(sshd_t)
init_system_domain(sshd_t,sshd_exec_t)
>
> Interesting question about auditallow; you might need a
> script to
> generate the right set, maybe derived from
> audit2allow/sepolgen innards.
> Watch out though - auditallow'ing everything will flood
> your system with
> too many audit messages.
Exactly, I want to avoid it.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
