To allow should be easy:
mkdir myguest; cd myguest
cat > myguest.te << EOF
policy_module(myguest, 1.0.0)
optional_policy(`
gen_require(` type guest_t; role guest_r; ')
screen_role_template(guest, guest_r, guest_t)
')
EOF
make -f /usr/share/selinux/devel/Makefile myguest.pp
sudo semodule -i myguest.pp
This will allow guest_t to run screen in the guest_screen_t domain.
You will probably want to relogin and run restorecon -R -v -F
~/.screenrc
Added above policy it now 'guest_t' can use screen command. Thanks a lot Dominick.
----
Cheers,
Lakshmipathi.G
FOSS Programmer.
www.giis.co.in
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
