Re: Policy redundancy and layout

On 03/01/2010 12:46 PM, Scott Salley wrote:

I have a project with multiple daemons (around 6) which share many common features (they access the network, create and maintain daemon-specific files, access random numbers, etc…), though they each deal with a different set of tasks (monitoring network resources, providing network file sharing services, providing network authentication services, etc).

Is it okay to use the interface file to define a set of common properties for these daemons to avoid listing everything out for each daemon? If not the interface file, then how should a common set of patterns for these daemons be defined?

I found listing the rules for each daemon to be bug-prone and tedious.

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux

Yes, this is done with apache cgi scripts for example, nagios.

A lot of the time these use templates to generate the types.  Also look into using attributes to associate rules with the types.

type $1_t, MYDOMAIN;


Then in the te file you add rules like

files_read_etc_files(MYDOMAIN)
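
The template-plus-attribute layout described in the reply, written out for three daemons as an added example that is not part of the original post or of any shipped policy. The module name `myproject`, the attribute `myproject_daemon`, the template `myproject_daemon_template` and the daemon prefixes are hypothetical; the interfaces and patterns called are existing reference policy macros.

```m4
########## myproject.if (hypothetical module) ##########

## <summary>Create the types for one myproject daemon.</summary>
## <param name="prefix">
##	<summary>Prefix for the generated types, e.g. myproject_monitor.</summary>
## </param>
template(`myproject_daemon_template',`
	gen_require(`
		attribute myproject_daemon;
	')

	# Per-daemon domain, tagged with the shared attribute.
	type $1_t, myproject_daemon;
	type $1_exec_t;
	init_daemon_domain($1_t, $1_exec_t)

	# Daemon-specific data files stay private to each daemon.
	type $1_var_lib_t;
	files_type($1_var_lib_t)
	manage_dirs_pattern($1_t, $1_var_lib_t, $1_var_lib_t)
	manage_files_pattern($1_t, $1_var_lib_t, $1_var_lib_t)
')

########## myproject.te ##########

policy_module(myproject, 1.0.0)

# Attribute that every daemon domain is associated with.
attribute myproject_daemon;

# One call per daemon; each expands to its own set of types.
myproject_daemon_template(myproject_monitor)
myproject_daemon_template(myproject_share)
myproject_daemon_template(myproject_auth)

# Rules common to all daemons are written once, on the attribute.
files_read_etc_files(myproject_daemon)
dev_read_urand(myproject_daemon)
logging_send_syslog_msg(myproject_daemon)
miscfiles_read_localization(myproject_daemon)
sysnet_dns_name_resolve(myproject_daemon)

# Rules for a single daemon still name its own type.
allow myproject_share_t self:tcp_socket create_stream_socket_perms;
```

Keeping only the shared access on the attribute and everything else on the individual `_t` types means a rule added for one daemon does not silently widen the other five.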