On 04/25/2017 06:45 PM, Gordon Messmer wrote:
On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote:
Quick’n’(really) dirty SELinux howto:
Alternate process:
1: setenforce permissive
2: tail -f /var/log/audit/audit.log | grep AVC
3: use the service, exercise each function that's constrained by the
existing policy
4: copy and paste the output from the terminal used for #2 into
"audit2allow -M <modulename>"
5: setenforce enforcing
This process is less iterative, which can save a *lot* of time
building some policies.
How do I undo the damage the last attempt caused?
I am on the road right now (Venice, IT to speak tomorrow on Identity
Oriented Networking), and I left my test system running back home. To
get to it is two SSH hops. The WiFi in this hotel is a pain. It times
out after 1 hour and you have to do a web access. It does not
understand things like IMAP and SSH...
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
