On 14/03/2018 22:32, Simon Sekidde wrote:
Create policy to grant access to both process types
Ok, as I am doing right now :)
Thanks for confirmation.
If the policy was compiled as *.pp policy modules then these can be converted to CIL code using the /usr/libexec/selinux/hll/pp binary (assuming you are running an updated binary policy version)
So the process would be:
- use pp to regenerate the template file;
- edit the newly generated template file adding the required entries;
- re-compile it to generate the new binary policy.
This means that direct binary patching (without regenerating the
text-based template file) is not possible, right? Am I missing something
else?
Regards.
--
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it
email: g.danti@xxxxxxxxxx - info@xxxxxxxxxx
GPG public key ID: FF5F32A8
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
