----- Original Message ----- > From: "Gionatan Danti" <g.danti@xxxxxxxxxx> > To: selinux@xxxxxxxxxxxxxxxxxxxxxxx > Sent: Wednesday, March 14, 2018 4:46:17 PM > Subject: Two questions about selinux > > Hi all, > I have two questions about selinux. > > 1) Suppose I have a file which should be shared by two processes with > two different security context (ie: proc_a_t and proc_b_t). I am right > saying that I *must* create a policy to grant access to both processes > for both contexts? Or is it possible to assign *two* labels/contexts to > a file/directory? > Create policy to grant access to both process types > 2) Suppose that, by using audit2allow, I created a custom policy module. > Time passed, and I lost the original template file, leaving only the > binary policy module. If I then need to add some other customization, do > I need to create a new policy or can I modify the original, binary-only > policy? > If the policy was compiled as *.pp policy modules then these can be converted to CIL code using the /usr/libexec/selinux/hll/pp binary (assuming you are running an updated binary policy version) > Thanks. > > -- > Danti Gionatan > Supporto Tecnico > Assyoma S.r.l. - www.assyoma.it > email: g.danti@xxxxxxxxxx - info@xxxxxxxxxx > GPG public key ID: FF5F32A8 > _______________________________________________ > selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx > -- Simon Sekidde gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
