Unfortunately, I have to allow for it to "work" now, but I don't want do
turn off selinux.
My first draft is this, by the way, and it's "working", so managers are off
/etc/rc\.d/init\.d/ai -- gen_context(system_u:object_r:ai_initrc_exec_t,s0)
/usr/r/bin/aiadmin -- gen_context(system_u:object_r:ai_initrc_exec_t,s0)
/usr/r/bin/aiclient -- gen_context(system_u:object_r:ai_exec_t,s0)
/usr/r/bin/aiagent -- gen_context(system_u:object_r:ai_exec_t,s0)
I just need to figure out what kind of auditallow statement to put in so it will log what
wasn't specifically allowed only.
The biggest challenge for me, so far, is to figure out all those macros from
/usr/share/selinux/devel/include, I can't find any document that would have them all.