[redhat-lspp] RBAC Roles
Stephen Smalley
sds at tycho.nsa.gov
Thu Sep 22 14:36:06 UTC 2005
On Thu, 2005-09-22 at 10:25 -0400, Daniel J Walsh wrote:
> I like the idea of telling SELinux to remove all dontaudit rules...
> Without haveing to rebuild/reload policy.
You'd still need to regenerate and reload policy, but you wouldn't need
any policy sources or checkpolicy. Instead, you'd just have a utility
that uses a new libsemanage/libsepol interface to remove avrules from
the existing binary policy, writes out the new binary policy, and loads
it into the kernel.
--
Stephen Smalley
National Security Agency
More information about the redhat-lspp
mailing list