Thanks, that fixed a lot of it. Sven's answer makes a bit more sense
now :)
The only ones remaining (for me anyway) don't seem to be related to file
contexts (i.e., fail2ban is still incorrect, since it doesn't use
start-stop-daemon -- it's just missing the init_daemon_pid_file),
so there may be a f
On Sat, Aug 16, 2014 at 03:46:43PM -0400, Ben Pritchard wrote:
> Hello all
>
> In March, I reported some issues with SELinux contexts in /run. (I seem
> to have misplaced the email -- archive at
> http://article.gmane.org/gmane.linux.gentoo.hardened/6180).
>
> It looks like Sven added the function
I think that the call to init_daemon_pidfile is probably missing a context
definition in the .fc file for those locations that checkpath is enforcing.
You can file a bug for this (a single bug is fine, we don't need one for
every missing definition). We will upstream it when appropriate.
Wkr
S
Hello all
In March, I reported some issues with SELinux contexts in /run. (I seem
to have misplaced the email -- archive at
http://article.gmane.org/gmane.linux.gentoo.hardened/6180).
It looks like Sven added the functionality a few months ago, and it is
available in version 2.20140311-r5 (current
Hi guys,
Another SELinux question mail. While developing SELinux policies for system
services, I often hit the problem that we don't have a "security model" in
place that defines (or documents) how we want to tackle policy development
for services.
For desktop applications, we somewhat have one [