Cesar Maiorino wrote: <snip>
(2) If I don't add the "shell allow" rules, how do I deal with those denials?
During development I add a permissive rule for shell so that I can do whatever I need to do while in enforcing, just add this to your shell.te at the bottom and remember to remove it before production :) :
permissive shell; -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
