SeLinux and mail relaying

David G. Miller dave at davenjudy.org
Mon Jul 10 13:10:12 UTC 2006


Paul Howarth <paul at city-fan.org> wrote: 

>You don't need anything particularly complicated to do local policy 
>changes in FC5 (it's much easier than in FC4 IMHO).
>
>See:
>http://fedoraproject.org/wiki/SELinux/LoadableModules/Audit2allow
>for example.
>
Actually you'll find it's functionally the same but a lot of the "bones" 
that show through in FC4 and earlier now remain hidden:

1) Use audit2allow to create a local ruleset.
2) Compile and load the local ruleset.
3) See if the local ruleset accomplishes what you wanted.  If not, go to 
step 1 and repeat.

The FC4 method just meant you also had to unpack the whole targeted 
ruleset and remake it in order to add the local ruleset.  On the other 
hand, you get to see what's "under the hood" even though most people 
doing this would leave it alone.  The FC5 approach lets you just tack on 
a local policy.

Also, I noticed that the article in the link mentions that "/!\ You need 
to have the checkpolicy package installed to build policy 
modules".  Is that a different RPM that the OP will need?

Cheers,
Dave

-- 
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce
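
Added example, not part of the original message and not code from the Fedora wiki: the three-step loop above as a shell script. avc_to_rules is a hypothetical helper that shows which allow rules a set of denials would turn into, so they can be read before anything is loaded; the sample denials, the module name "local" and the default log path are assumptions.

```shell
#!/bin/sh
# SAMPLE_AVC is constructed for illustration; it is not taken from a real audit log.
SAMPLE_AVC='type=AVC msg=audit(1152536400.123:42): avc:  denied  { name_connect } for  pid=2345 comm="sendmail" dest=25 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:smtp_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1152536401.456:43): avc:  denied  { read write } for  pid=2345 comm="sendmail" name="relay.db" scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1152536402.789:44): avc:  denied  { name_connect } for  pid=2350 comm="sendmail" dest=25 scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:smtp_port_t:s0 tclass=tcp_socket'

# Review helper (hypothetical): reduce each AVC denial read on stdin to
# "allow source_type target_type:class { perms };". Repeated denials
# collapse to one rule; non-AVC audit records are ignored.
avc_to_rules() {
    awk '/avc: +denied/ {
        perms = $0
        sub(/^.*[{] */, "", perms)      # drop everything up to "{ "
        sub(/ *[}].*$/, "", perms)      # drop " }" and the rest of the line
        src = tgt = cls = ""
        for (i = 1; i <= NF; i++) {
            # A context is user:role:type[:level]; the type is field 3.
            if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        if (src != "" && tgt != "" && cls != "")
            print "allow " src " " tgt ":" cls " { " perms " };"
    }' | sort -u
}

# Steps 1 and 2 with the real tools, run as root on the affected host.
# Usage: build_and_load PATTERN [LOGFILE]
# Prints the rules for review, then audit2allow -M writes local.te and
# local.pp and semodule -i loads the package into the running policy.
build_and_load() {
    pattern=$1
    log=${2:-/var/log/audit/audit.log}   # assumed path; needs auditd running
    grep -- "$pattern" "$log" | avc_to_rules
    grep -- "$pattern" "$log" | audit2allow -M local && semodule -i local.pp
}

# Stand-alone demo on the constructed sample: prints the two distinct rules.
printf '%s\n' "$SAMPLE_AVC" | avc_to_rules
```

Step 3 is then a matter of retrying the operation and looking for new denials in the log; semodule -r local removes the module again if the rules turn out broader than intended.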



