Il 2023-05-19 18:56 Casper ha scritto:
With audit2allow, you can read from "auditd" logs then try to generate the .te file, then compile it into a Module Policy. If you know how to write Type Enforcement[1] (.te) file, you will have to compile it manually into a loadable Module Policy file. This step is done automatically by audit2allow. """ Module (or Non-base) Policy - These are optional policy source files that when compiled, can be dynamically loaded or unloaded within the policy store. By convention these files are named after the module or application they represent, with the compiled binary having a '.pp' extension. These files are compiled using the checkmodule command. """ CIL modules can be used with semodule because they are compiled by semodule directly, at install time.[2] [1] https://selinuxproject.org/page/NB_TE [2] https://selinuxproject.org/page/PolicyLanguage
Thank you so much. Regards. -- Danti Gionatan Supporto Tecnico Assyoma S.r.l. - www.assyoma.it email: g.danti@xxxxxxxxxx - info@xxxxxxxxxx GPG public key ID: FF5F32A8 _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
