On Tue, 2017-08-15 at 21:50 +0300, Joonas Sarajärvi wrote:
Adam Williamson kirjoitti 15.08.2017 klo 02:37:
> Of course, for day-to-day Rawhide users, booting with 'enforcing=0' can
> work around these issues for now (or you could, I suppose, create a
> local policy that just blanket allowed the 'map' permission in all
> cases, so all other SELinux restrictions would remain in place).
For those less familiar with SELinux but still using it and wishing to
keep things that way, it would be awesome to have a quick summary (or
just pointer to documentation) on how you do this. It sounds like a
fairly straightforward task to describe if you know your way around SELinux.
Welp, that's me busted: I would've had to look up specifically how to
do this, and I was too lazy to. :P I do create custom policies very
occasionally, but not often enough to remember exactly how to do it off
the top of my head (I always have to look it up), and I don't think
I've tried one which just blanket allows a permission in *all* cases
before.
The reference I usually start from, FWIW, is:
https://wiki.centos.org/HowTos/SELinux#head-aa437f65e1c7873cddbafd9e9a73b...
There are various other references (mainly in RHEL and SELinux
documentation) that you can find by googling stuff like 'selinux custom
policy', and with the help of those I usually muddle through...
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net