Selfmade policy not getting enforced on Fedora9
Stefan Schleifer
stefan.schleifer at gmail.com
Wed May 28 20:03:33 UTC 2008
On May 28, 2008, at 9:23 PM, Stefan Schleifer wrote:
>
> Hey,
>
> You folks rock, thx a bunch. I forget the transition rule. As
> suggested, I added:
>
>
> domain_auto_trans(unconfined_t, demo_exec_t, demo_t);
>
>
> and now the app runs as demo_t:
>
>
> [stefan at localhost policy]$ ps -efZ | grep demo
> unconfined_u:unconfined_r:demo_t:s0-s0:c0.c1023 root 2856 2510 0
> 20:56 pts/2 00:00:00 /usr/local/bin/demo
>
> (...)
Hi,
After running semodule -DB & semodule -B (as suggested by Daniel), I
got a few messages in /var/log/audit/audit.log and managed to modify
the policy in a way it works now.
Closing, many many thanks to your quick and, of course, very helpful
answers.
Thx a lot!
Best regards,
Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20080528/8136401b/attachment.sig>
More information about the fedora-selinux-list
mailing list