On 6/24/20 12:03 PM, Iñaki Ucar wrote:
Thanks. I found another tutorial (from RedHat) which basically says:
1. Implement your service, give it a new SELinux type and run it.
2. Collect all the complaints from SELinux.
3. Use audit2allow to convert them to rules.
4. Repeat until you don't get any more complaints.
And I cannot believe my eyes. Is this *really* the way to implement
SELinux policies? It seems like a joke to me. Isn't there any notion
of inheritance or something like that? Like, I want my type to have
I suppose that's the "easy" way. The better way would be to figure out
what permissions and transitions your service needs and write the rules
for that.
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
