Todd Walton wrote: > On 7/25/05, Tracy R Reed <[EMAIL PROTECTED]> wrote: > > In this case you are talking about having to create your own custom > > access control policy which will require you to become quite > > familiar with the configuration of SE Linux policy as well as all of > > the capabilities required by your software (ports to bind to, > > files/directories to access for read/write, etc). > > In the latest issue of SysAdmin, there's an excellent article on > SELinux and audit2allow. You can have SELinux disallow everything not > explicitly allowed, and then try to do what it is you want to do. > SELinux will block it and tell you about it, and then you use > audit2allow to say, "See that log message that says 'action blocked'? > Don't block it anymore", and audit2allow will write the proper rule > for you. The article says, "audit2allow is contained in the > policycoreutils package in Fedora or RedHat-based systems. You can > install this package using 'yum install policycoreutils'".
or ``aptitude install policycoreutils'' on Debian 3.1 (Sarge). -john -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
