[Fedora-packaging] SELinux testing

Hans Ulrich Niedermann rhbugs at n-dimensional.de
Fri Sep 8 22:49:38 UTC 2006

James Morris <jmorris at redhat.com> writes:

> This guideline would request that developers test their package with 
> SELinux enabled (and by this I mean in enforcing mode) and follow a simple 
> procedure:
> 1. Ensure they have the latest SELiunx policy installed.
> 2. Boot with selinux=1 and in enforcing mode.
> 3. Perform the normal testing of their application.

Using which policy? targeted? strict? mls?

Testing with "targeted" should be a "MUST" requirement IMHO, but
requiring "strict" or "mls" will cause problems.

> 4. Check syslog (or /var/log/audit/audit.log if audit is enabled) for AVC 
>    messages related to their package.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-packaging/attachments/20060909/ec29b227/attachment.sig>

More information about the Fedora-packaging mailing list