On Thu, Jun 25, 2020 at 8:54 PM Samuel Sieb wrote:
> On 6/24/20 12:03 PM, Iñaki Ucar wrote:
> > Thanks. I found another tutorial (from RedHat) which basically says:
> >
> > 1. Implement your service, give it a new SELinux type and run it.
> > 2. Collect all the complaints from SELinux.
> > 3.
On 6/24/20 12:03 PM, Iñaki Ucar wrote:
Thanks. I found another tutorial (from RedHat) which basically says:
1. Implement your service, give it a new SELinux type and run it.
2. Collect all the complaints from SELinux.
3. Use audit2allow to convert them to rules.
4. Repeat until you don't get
Dne 24. 06. 20 v 21:03 Iñaki Ucar napsal(a):
> 3. Use audit2allow to convert them to rules.
> 4. Repeat until you don't get any more complaints.
>
> And I cannot believe my eyes. Is this *really* the way to implement
> SELinux policies? It seems like a joke to me.
No. It is a bit complicated.
El mié., 24 jun. 2020 21:15, Jared K. Smith
escribió:
> On Wed, Jun 24, 2020 at 4:55 AM Iñaki Ucar
> wrote:
>
>> I need some help from a SELinux guru. TL;DR, I've developed a small
>> service. An app talks to this service, the service does some stuff
>> and, in the meanwhile, it reports the
On Wed, Jun 24, 2020 at 4:55 AM Iñaki Ucar wrote:
> I need some help from a SELinux guru. TL;DR, I've developed a small
> service. An app talks to this service, the service does some stuff
> and, in the meanwhile, it reports the progress to the app user by
> writing some messages into the stderr
On Wed, 24 Jun 2020 at 20:45, Nathanael D. Noblet wrote:
>
> On Wed, 2020-06-24 at 12:12 +0200, Iñaki Ucar wrote:
> > Thanks, I got [1] and [2] more or less covered thanks to the output
> > of
> > the SELinux troubleshooter. The missing parts were how to get
> > policies
> > into a subpackage
On Wed, 2020-06-24 at 12:12 +0200, Iñaki Ucar wrote:
> Thanks, I got [1] and [2] more or less covered thanks to the output
> of
> the SELinux troubleshooter. The missing parts were how to get
> policies
> into a subpackage (and [3] explains this, thanks), and how to write a
> rule just for my
On Wed, 24 Jun 2020 at 11:05, Qiyu Yan wrote:
>
> Run your program in permissive mode and use audit2why [1], to see what's
> wrong.
> If you have to allow that, you can use audit2allow [2] to produce a
> policy package to allow that behavior in package.
> I don't know how to make this into a
Run your program in permissive mode and use audit2why [1], to see what's wrong.
If you have to allow that, you can use audit2allow [2] to produce a
policy package to allow that behavior in package.
I don't know how to make this into a package, maybe [3] will help.
[1]
Hi,
I need some help from a SELinux guru. TL;DR, I've developed a small
service. An app talks to this service, the service does some stuff
and, in the meanwhile, it reports the progress to the app user by
writing some messages into the stderr (/proc//fd/2) of that app.
So far so good. Now, I
10 matches
Mail list logo