Dan Stromberg :
> Also, don't be overly hard on SELinux. It's a relatively young
> technology and may still adapt to such needs better in the future.
SELinux suffers from big problems, the biggest being its lack of a
proper methodology. There is no cookbook for developers for making their
product
On Sat, May 6, 2017 at 9:07 AM, Ian Pilcher wrote:
> On 05/06/2017 12:51 AM, dieter wrote:
> You're right. Seems that it's glibc's qsort().
>
> So it seems that any service written in Python (or any other program
> that uses qsort) needs to be given read access to most of /proc or deal
> with the
On 05/06/2017 10:07 AM, Ian Pilcher wrote:
> On 05/06/2017 12:51 AM, dieter wrote:
>> Personally, I doubt that you will find a reference.
>> Instead, I assume that the reference comes from the C runtime library.
>> It might hepl optimize memory management to know about "meminfo" details.
>
> You'r
On 05/06/2017 12:51 AM, dieter wrote:
Personally, I doubt that you will find a reference.
Instead, I assume that the reference comes from the C runtime library.
It might hepl optimize memory management to know about "meminfo" details.
You're right. Seems that it's glibc's qsort().
So it seems
On Fri, 05 May 2017 23:54:20 -0500, Ian Pilcher wrote:
> I am trying to write an SELinux policy to confine a simple service that
> I have written in Python, and I'm trying to decide whether to allow or
> dontaudit various denials.
>
> To start, I've reduced my service to the simplest case:
>
>
Ian Pilcher writes:
> ...
> Does anyone know why Python is trying to access this file, or what
> functionality I might be missing if I don't allow the access?
You could fetch the Python source core and search it for a reference
to "meminfo".
Personally, I doubt that you will find a reference.
In
I am trying to write an SELinux policy to confine a simple service that
I have written in Python, and I'm trying to decide whether to allow or
dontaudit various denials.
To start, I've reduced my service to the simplest case:
#!/usr/bin/python
import sys
sys.exit()
Running this program
