question on new filecontext type and documentation issues

Daniel J Walsh dwalsh at redhat.com
Mon Sep 15 13:43:36 UTC 2008


Sebastian Hennebrueder wrote:
> Hello,
> thank you for the nice solution you provided with Selinux.
> 
> I have two issues:
> 
> 1)
> I use Centos 5.2 which clones Redhat Enterprise Linux. I use the
> targeted policy.
> 
> Postfix and dovecot share the certificates. I solved the problem in a
> way that I copied the certificates and set the corresponding context.
> I don't like this approach. Alternatively I can use the normal
> audit2allow approach to allow postfix access to dovecot or vice versa
> but I would like not to give them this right.
> The best solution is to create a new context which can be accessed by
> both domains.
> With the new module approach, how do I start to write a new context
> type? It is probably simple but I don't find the way to start by reading
> the documentation on the net.
> 
> 2)
> I am actually a Java developer running my own Linux server, so I am far
> away from being a Linux expert.
> My feeling is that the documentation is really hard to follow.
> 
> It was hard to find out how to interpret the audit.log. The only
> location to explain the different attributes seems to be
> http://seedit.sourceforge.net/doc/access_vectors/
> But still some documented log entries would be fine, e.g. what does a
> socket connect require, what does a search for the config file in /etc
> require, ...
> 
> I found the tip to use sealert -a on the
> http://wiki.centos.org/HowTos/SELinux
> 
> I found the statement do 'cat audit.log | audit2allow ...' but don't
> trust the result somewhere. But well, if I shouldn't trust, I would
> appreciate to analyse as well.
> 
> Your wiki does note
> http://people.redhat.com/dwalsh/SELinux/Presentations/ManageRHEL5.pdf
> which is a good resource after
> having understood the basics
> 
> The next page told me about sesearch, which is a very important tool IMHO.
> http://www.durchmesser.ch/wiki/SELinux
> 
> I still have no idea how to find information on the different macros
> which were noted somewhere.
> 
> From my beginner point of view, I noted my steps and resources on my
> blog at http://www.laliluna.de/blog/
> 
> To summarize, I would appreciate a somehow more centralized complete
> documentation, much more oriented to practical use cases.
> 
> Best Regards
> 
> Sebastian
> 
> 
> -- 
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Sebastian, I answered in my blog:

http://danwalsh.livejournal.com/24147.html
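
An added example, not part of the original thread and not code from either poster: a small parser for the AVC denial records in audit.log that the question asks how to interpret. It extracts the source type, target type, object class and permissions from each denial and groups them into the candidate allow rules that audit2allow would propose, so they can be read before anything is loaded. The log lines, the certificate path and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1221400000.101:41): avc:  denied  { read } for  pid=2101 comm="smtpd" name="mail.pem" dev=sda1 ino=7001 scontext=system_u:system_r:postfix_smtpd_t:s0 tcontext=system_u:object_r:dovecot_cert_t:s0 tclass=file
type=AVC msg=audit(1221400000.102:42): avc:  denied  { getattr } for  pid=2101 comm="smtpd" path="/etc/pki/dovecot/mail.pem" dev=sda1 ino=7001 scontext=system_u:system_r:postfix_smtpd_t:s0 tcontext=system_u:object_r:dovecot_cert_t:s0 tclass=file
type=AVC msg=audit(1221400000.103:43): avc:  denied  { search } for  pid=2101 comm="smtpd" name="dovecot" dev=sda1 ino=7000 scontext=system_u:system_r:postfix_smtpd_t:s0 tcontext=system_u:object_r:dovecot_cert_t:s0 tclass=dir
type=SYSCALL msg=audit(1221400000.103:43): arch=40000003 syscall=5 success=no exit=-13 comm="smtpd"
"""

# Permissions in braces, then source context, target context and object class.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def context_type(context):
    # A context is user:role:type[:mls-range]; the third field is the type.
    return context.split(":")[2]

def parse_denials(log_text):
    """Return one dict per AVC denial; other record types are skipped."""
    denials = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not line.startswith("type=AVC") or not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
        denials.append({
            "source": context_type(m.group("scon")),   # domain of the process
            "target": context_type(m.group("tcon")),   # type of the object
            "tclass": m.group("tclass"),               # file, dir, tcp_socket, ...
            "perms": m.group("perms").split(),
            "comm": fields.get("comm"),
            "object": fields.get("path") or fields.get("name"),
        })
    return denials

def candidate_rules(denials):
    """Merge denials with the same source, target and class into one rule."""
    grouped = defaultdict(set)
    for d in denials:
        grouped[(d["source"], d["target"], d["tclass"])].update(d["perms"])
    return ["allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(p)))
            for (s, t, c), p in sorted(grouped.items())]
```

On the sample, `candidate_rules(parse_denials(SAMPLE_LOG))` yields rules granting the Postfix domain access to the Dovecot certificate type, which is the cross-domain grant the question wanted to avoid by using a shared type instead.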
