On Wed, 2020-06-24 at 12:12 +0200, Iñaki Ucar wrote:
Thanks, I got [1] and [2] more or less covered thanks to the output of
the SELinux troubleshooter. The missing parts were how to get policies
into a subpackage (and [3] explains this, thanks), and how to write a
rule just for my script, not for the whole python3 stack, and I'm
still missing that bit.
So I can't exactly point you to some documents but the link below may
help. The basic idea is you need to label your script and give it a
type and then allow that type to access the type/action it's trying to
do. Like the httpd daemon has a type and there are then file types, and
a process running in the httpd_t domain can read files but not talk to
the network for example... Hope that helps.
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
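
The label-then-allow idea described in the reply above, sketched as a reference-policy module. This is an added example, not part of the original thread: every "myscript" name, both file paths and the choice of a /var/lib data directory are hypothetical, and it assumes the script is started directly through its shebang line so the transition happens on the script file's label.

```selinux
# myscript.te : constructed example; all "myscript" names are hypothetical
policy_module(myscript, 1.0.0)

# Domain the running script gets, and the label of the script file itself.
type myscript_t;
type myscript_exec_t;

# Declares myscript_t as a domain entered by executing a myscript_exec_t
# file from init/systemd. For a tool started by users, declare it with
# application_domain(myscript_t, myscript_exec_t) and add a
# domtrans_pattern() from the calling domain instead.
init_daemon_domain(myscript_t, myscript_exec_t)

# Private file type, so the grant below covers this script's data only.
type myscript_var_lib_t;
files_type(myscript_var_lib_t)

# The python3 interpreter is labeled bin_t. This lets the confined domain
# execute it without transitioning, and grants nothing to other python3
# programs, which keep running in whatever domain started them.
corecmd_exec_bin(myscript_t)

# The rule "just for my script": only myscript_t may manage its own data.
manage_dirs_pattern(myscript_t, myscript_var_lib_t, myscript_var_lib_t)
manage_files_pattern(myscript_t, myscript_var_lib_t, myscript_var_lib_t)

# myscript.fc : goes in a separate file; attaches the labels to paths
# (hypothetical paths, shown commented so this block stays one file)
# /usr/libexec/myscript      --  gen_context(system_u:object_r:myscript_exec_t,s0)
# /var/lib/myscript(/.*)?        gen_context(system_u:object_r:myscript_var_lib_t,s0)
```

Build with make -f /usr/share/selinux/devel/Makefile myscript.pp, load with semodule -i myscript.pp, then run restorecon -Rv on the two paths so the labels take effect. Any further access the script needs shows up as AVC denials against myscript_t, and the allow rules for them are added to this module rather than to a domain shared with other python3 programs.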