Permissive mode on individual services
Stephen Smalley
sds at epoch.ncsc.mil
Mon Jan 31 12:36:14 UTC 2005
On Sun, 2005-01-30 at 12:14, Sitsofe Wheeler wrote:
> Hello,
>
> In a similar way to the way that selinux can be turned on or off for a
> single service like apache, is there anyway to selectively have
> permissive mode on just one service and enforcing on all the rest?
Not presently. It would however be straightforward to add a macro the
policy that includes both the allow rules from unconfined_domain and a
corresponding auditallow rule for each such allow rule, so that when you
apply that macro to a domain, it will be allowed to do everything but
all of its accesses will be audited.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-selinux-list
mailing list