Re: Two questions about selinux
On 14/03/2018 22:32, Simon Sekidde wrote:
Create policy to grant access to both process types
Ok, as I am doing right now :)
Thanks for confirmation.
If the policy was compiled as *.pp policy modules then these can be
converted to CIL code using the /usr/libexec/selinux/hll/pp binary (assuming you are
running an updated binary policy version)
So the process would be:
- use pp to regenerate the template file;
- edit the newly generated template file adding the required entries;
- re-compile it to generate the new binary policy.
This means that direct binary patching (without regenerating the
text-based template file) is not possible, right? Am I missing something
else?
Regards.
--
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it
email: g.danti(a)assyoma.it - info(a)assyoma.it
GPG public key ID: FF5F32A8