Re: custom selinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 1/27/22 01:58, al so wrote:
Better yet, how to selectively enable Permissive mode for only a few linux processes on a system where SELinux is globally enforced?
It is going to be an interim measure only before you dismiss it as insecure practice.
On Wed, Jan 26, 2022 at 4:53 PM al so <volkswak@xxxxxxxxx> wrote:
On a system where SELinux is enforced, how to selectively disable SELinux on a few custom linux processes without impacting the rest?

Check the `semanage permissive` command (in fedora 35 its in package: policycoreutils-python-utils). You'll need to figure out, what type your process runs as (maybe `ps -efZ`)


Examples from the man page:

List all permissive modules
# semanage permissive -l
Make httpd_t (Web Server) a permissive domain
# semanage permissive -a httpd_t


_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux