SELinux create policy with audit2allow
Hello to all the members. This is my first question. I have Fedora 10 running SELinux in enforcing mode. I have encountered a number of denials. I expected this. When I installed the system, I set SELinux to disabled to set the booleans I required. I then reset the mode to enforcing. My question is, should I add a module for each denial as I run into them or wait until I have multiple things to allow? TIA
As Red Hat was one of the first distributions to champion SE Linux and Fedora inherited RH's documentation standards, the docs that came with your installation, the Fedora website and Wiki should be your first port of call. Next up, since posting here, could be searching LQ for any threads containing the term "selinux" and "audit2allow". Not that surprisingly, this was asked before. Not that I don't know the answer, don't want to answer or put this as an RTFM-like response but you know the fish slash fishing rod thingie in terms of self-reliance and such, right?
As you understand what SE Linux governs and having weeded out most denials the default ways, sure, you could split them up and add a module for each of them. OTOH, since it will be a local policy adjustment, what's the benefit of having multiple modules? Usually it's not like you would manage SE Linux in a fine-grained way by regularly inserting, swapping or removing modules and wrt functionality it makes no difference: rules get loaded and that's about it.