On Thu, Jun 25, 2020 at 8:54 PM Samuel Sieb wrote:
> On 6/24/20 12:03 PM, Iñaki Ucar wrote:
> > Thanks. I found another tutorial (from RedHat) which basically says:
> >
> > 1. Implement your service, give it a new SELinux type and run it.
> > 2. Collect all the complaints from SELinux.
> > 3. Use
On 6/24/20 12:03 PM, Iñaki Ucar wrote:
Thanks. I found another tutorial (from RedHat) which basically says:
1. Implement your service, give it a new SELinux type and run it.
2. Collect all the complaints from SELinux.
3. Use audit2allow to convert them to rules.
4. Repeat until you don't get any
Dne 24. 06. 20 v 21:03 Iñaki Ucar napsal(a):
> 3. Use audit2allow to convert them to rules.
> 4. Repeat until you don't get any more complaints.
>
> And I cannot believe my eyes. Is this *really* the way to implement
> SELinux policies? It seems like a joke to me.
No. It is a bit complicated. You
El mié., 24 jun. 2020 21:15, Jared K. Smith
escribió:
> On Wed, Jun 24, 2020 at 4:55 AM Iñaki Ucar
> wrote:
>
>> I need some help from a SELinux guru. TL;DR, I've developed a small
>> service. An app talks to this service, the service does some stuff
>> and, in the meanwhile, it reports the prog
On Wed, Jun 24, 2020 at 4:55 AM Iñaki Ucar wrote:
> I need some help from a SELinux guru. TL;DR, I've developed a small
> service. An app talks to this service, the service does some stuff
> and, in the meanwhile, it reports the progress to the app user by
> writing some messages into the stderr
On Wed, 24 Jun 2020 at 20:45, Nathanael D. Noblet wrote:
>
> On Wed, 2020-06-24 at 12:12 +0200, Iñaki Ucar wrote:
> > Thanks, I got [1] and [2] more or less covered thanks to the output
> > of
> > the SELinux troubleshooter. The missing parts were how to get
> > policies
> > into a subpackage (and
On Wed, 2020-06-24 at 12:12 +0200, Iñaki Ucar wrote:
> Thanks, I got [1] and [2] more or less covered thanks to the output
> of
> the SELinux troubleshooter. The missing parts were how to get
> policies
> into a subpackage (and [3] explains this, thanks), and how to write a
> rule just for my scrip
On Wed, 24 Jun 2020 at 11:05, Qiyu Yan wrote:
>
> Run your program in permissive mode and use audit2why [1], to see what's
> wrong.
> If you have to allow that, you can use audit2allow [2] to produce a
> policy package to allow that behavior in package.
> I don't know how to make this into a pack
Run your program in permissive mode and use audit2why [1], to see what's wrong.
If you have to allow that, you can use audit2allow [2] to produce a
policy package to allow that behavior in package.
I don't know how to make this into a package, maybe [3] will help.
[1] https://fedoraproject.org/wik
Hi,
I need some help from a SELinux guru. TL;DR, I've developed a small
service. An app talks to this service, the service does some stuff
and, in the meanwhile, it reports the progress to the app user by
writing some messages into the stderr (/proc//fd/2) of that app.
So far so good. Now, I keep
10 matches
Mail list logo