On Fri, Jul 17, 2015 at 10:46:04AM +0000, Colin Powers wrote: <snip> > > Possible ideas: > * take ownership of the whole policy rather than build on top of the default RHEL policy, and customise the samba policy that is delivered? > * make a copy or symlink of the smbd daemon and apply custom policy to it? > * somehow relabel the existing smbd executable with a custom type that can only communicate on eth0_packet_t? > * but what's the best way to "override" the default policy? must I unload the samba policy module with semodule to allow smbd to be labelled with some other type? > * something else? You could try to disable the existing samba module , and then load your modified samba module in its place I theory that should work I believe. In practice you, may or may not end up in dependency hell. Worth a try though. semodule -d samba
Attachment:
pgpqyixB7LXS9.pgp
Description: PGP signature
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
