On 03/30/2017 01:19 PM, Martin Gansser wrote:
Hi,
boomaga SELinux module is not part of selinux-policy package, which
means it's not maintained by Fedora SELinux team. I cloned boomaga repo
and boomaga policy is part of permissivedomains, which means that
boomaga rules won't be enforced by kernel, even if your system is in
enforcing state. If you would like to fix this issue you can create
local module:
$ cat boomaga_local.cil
(allow boomaga_cups_t boomaga_cups_t(cap_userns (sys_ptrace)))
# semodule -i boomaga_local.cil
#
I'll try to contact boomaga maintainer and provide patch for boomaga
SELinux module.
that sounds good.
many thanks
Martin
current rpm spec file with selinux rules.
http://pkgs.fedoraproject.org/cgit/rpms/boomaga.git/tree/boomaga.spec