How can I create shadow_t file?

Shintaro Fujiwara shintaro.fujiwara at gmail.com
Wed May 13 14:48:58 UTC 2009


Yeah, I was forgetting the command "audit them all" stuff, thanks for
letting me know.

#after i semanage -DB

allow segatex_t security_t:filesystem getattr;
allow segatex_t self:process setfscreate;
allow segatex_t semanage_t:process { siginh rlimitinh noatsecure };

#============= semanage_t ==============
allow semanage_t setfiles_t:process { siginh rlimitinh noatsecure };

#end after i semanage -DB

I finally made it.
Both adding and deleting user.

Maybe I should add a button for the "audit them all" thing.
I remember the RH original one had it, so.

Thanks!

2009/5/13 Stephen Smalley <sds at tycho.nsa.gov>:
> On Wed, 2009-05-13 at 23:01 +0900, Shintaro Fujiwara wrote:
>> Thank you.
>>
>> I updated my tool's policy including 2 interfaces you guys introduced.
>>
>> Still I can't add a user from my tool and, strangely, there are no AVC messages now
>> even when I set SELinux permissive.
>> Of course when I set permissive, I can add user.
>> But, I don't have any denied logs now...
>>
>> No way out ?
>
> Run "semodule -DB" to strip dontaudit rules and try again.
> You'll have to wade through the irrelevant avc messages though.
>
> --
> Stephen Smalley
> National Security Agency
>
>



-- 
http://intrajp.no-ip.com/ Home Page



