Label for executable in tmp
by Aleksei Bedniakov
Hi,
I have a case with a script which connects via ssh, transfers an executable to the /tmp folder and tries to run it. SELinux is blocking the execution, which is expected behavior from a security perspective.
A simple way is to create a rule `allow user_t user_home_t:file { execute };` to allow execution, but I am unable to affect the user_t or process_t in my case. Also, it is not secure to allow too wide execution rights for the /tmp folder.
I believe this scenario is common, but I am still unable to find a way to properly handle this. Is there a proper way to do this?
Thanks!
2 months
foresee rules needed
by Henry Zhang
Hi folks,
Is there any way to foresee which new rules should be allowed?
Now I have to wait for QA to report new denied messages from /var/log/audit/audit.log
Any suggestions?
--henry
2 months, 1 week
OTA talks to cloud
by Henry Zhang
Hi folks,
My device wants to talk to the cloud for OTA. And I do:
allow axxxxxx_t self:fifo_file rw_fifo_file_perms;
allow axxxxxx_t self:unix_stream_socket { create_stream_socket_perms connectto };
What else should be allowed?
Thanks.
---henry
2 months, 3 weeks