How to add a new application in targeted

Stephen Smalley sds at
Tue May 24 18:28:29 UTC 2005

On Tue, 2005-05-24 at 13:41 -0400, James Z. Li wrote:
> The genral question is that if I write policy files for an application
> which is currently not in targeted policy, like mydaemon.fc and
> mydaemon.te. What should I do besides 'make load' in order to 
> let Selinux know that I add a new daemon in targeted ?

You need to label the executable with the corresponding executable type,
e.g. restorecon /sbin/mydaemon, after loading the new policy.  That sets
the extended attribute on the executable file, so that SELinux will
subsequently perform a domain transition when it is executed.

Stephen Smalley
National Security Agency

More information about the fedora-selinux-list mailing list