On 30 May 2011 09:52, Kurt Seifried <kurt(a)seifried.org> wrote:
I'm experimenting with a package that needs to have rsyslog write
to a
named fifo pipe (so log data can be handed off from rsyslog to an
external program). As I see it the options are:
1) apologize to the user and tell them to disable SELinux (no thanks)
2) get Fedora SELinux policy to add an exception (best case scenario I think)
3) tell the user how to manually modify policy and update it (which
might then break the next SELinux policy gets updated/etc.).
Is there any official process/advice for this? Thanks in advance.
I've found in the past that Dan et al., are pretty quick to respond if
you file a bug request asking for a change in policy for packages I
maintain in Fedora.
Of course, there's also a fourth alternative which is to ship a
SElinux module for your application in the package itself. It seems
like there was some work towards a standard for that, which seems to
have stalled:
http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules
J.