On 7/25/05, Tracy R Reed <[EMAIL PROTECTED]> wrote:
> In this case you are talking about having to
> create your own custom access control policy
> which will require you to become quite familiar
> with the configuration of SE Linux policy as
> well as all of the capabilities required by
> your software (ports to bind to,
> files/directories to access for read/write,
> etc).

In the latest issue of SysAdmin, there's an excellent article on
SELinux and audit2allow.  You can have SELinux disallow everything not
explicitly allowed, and then try to do what it is you want to do. 
SELinux will block it and tell you about it, and then you use
audit2allow to say, "See that log message that says 'action blocked'? 
Don't block it anymore", and audit2allow will write the proper rule
for you.  The article says, "audit2allow is contained in the
policycoreutils package in Fedora or RedHat-based systems. You can
install this package using 'yum install policycoreutils'".

-todd


--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
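
A simplified illustration of the denial-to-rule mapping described in the message above, added here as an example; it is not taken from the post, the SysAdmin article or the audit2allow source. The log lines are constructed and `myapp_t` is a hypothetical domain.

```python
import re
from collections import defaultdict

# Constructed sample denials (not from a real system); "myapp_t" is a hypothetical domain.
SAMPLE_LOG = """\
type=AVC msg=audit(1122300000.101:41): avc:  denied  { name_bind } for  pid=2345 comm="myapp" src=8081 scontext=system_u:system_r:myapp_t tcontext=system_u:object_r:port_t tclass=tcp_socket
type=AVC msg=audit(1122300000.202:42): avc:  denied  { read } for  pid=2345 comm="myapp" name="data.db" dev=sda1 ino=1234 scontext=system_u:system_r:myapp_t tcontext=system_u:object_r:var_lib_t tclass=file
type=AVC msg=audit(1122300000.303:43): avc:  denied  { write } for  pid=2345 comm="myapp" name="data.db" dev=sda1 ino=1234 scontext=system_u:system_r:myapp_t tcontext=system_u:object_r:var_lib_t tclass=file
type=AVC msg=audit(1122300000.404:44): avc:  granted  { getattr } for  pid=2345 comm="myapp" scontext=system_u:system_r:myapp_t tcontext=system_u:object_r:etc_t tclass=file
Jul 25 10:00:00 host sshd[99]: unrelated line
"""

# Capture the denied permissions plus the source context, target context and object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def type_of(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def denials_to_rules(log_text):
    """Merge denied permissions per (source type, target type, class) into allow rules."""
    perms = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # granted events and non-AVC lines produce no rule
        key = (type_of(m["scon"]), type_of(m["tcon"]), m["tclass"])
        perms[key].update(m["perms"].split())
    rules = []
    for (src, tgt, cls), ps in sorted(perms.items()):
        ps = sorted(ps)
        body = ps[0] if len(ps) == 1 else "{ " + " ".join(ps) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules

if __name__ == "__main__":
    for rule in denials_to_rules(SAMPLE_LOG):
        print(rule)
```

Each emitted rule grants exactly what was denied at the type level, so reading the list before loading it shows where a grant is broader than the application needs, such as access to every file labelled `var_lib_t` rather than the one database file.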
