Re: This patch adds permissive to semanage

Daniel J Walsh wrote:
> Gives users the ability to set a domain as permissive
> 
> 
> semanage permissive -a http_t
> 
> It created a policy module named permissive_httpd_t.pp with the
> permissive call.
> 

So, a really quick glance brings up a couple of issues. First, you have '-n', '--noheading', which aren't documented in the man page or elsewhere. Second (and more importantly), why are you executing semodule like that? libsemanage is the library that manages modules, and also the library used by semanage for everything else.

I would prefer a more 'pure' approach where we keep a list of permissive types and inject them into the kernel policy after linking (like libsemanage does with users, ports, nodes, etc.), but I understand that adding a whole new set of databases and interfaces is both annoying and time-consuming, so I'm fine with it working on modules. I'd just like to see it using libsemanage interfaces instead of calling semodule.


