[Fedora-packaging] SELinux testing
Hans Ulrich Niedermann
rhbugs at n-dimensional.de
Fri Sep 8 22:49:38 UTC 2006
James Morris <jmorris at redhat.com> writes:
> This guideline would request that developers test their package with
> SELinux enabled (and by this I mean in enforcing mode) and follow a simple
> procedure:
>
> 1. Ensure they have the latest SELiunx policy installed.
> 2. Boot with selinux=1 and in enforcing mode.
> 3. Perform the normal testing of their application.
Using which policy? targeted? strict? mls?
Testing with "targeted" should be a "MUST" requirement IMHO, but
requiring "strict" or "mls" will cause problems.
> 4. Check syslog (or /var/log/audit/audit.log if audit is enabled) for AVC
> messages related to their package.
Gruß,
Uli
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-packaging/attachments/20060909/ec29b227/attachment.sig>
More information about the Fedora-packaging
mailing list