On 1/27/22 01:58, al so wrote:
Better yet, how to selectively enable Permissive mode for only a few
linux processes on a system where SELinux is globally enforced?
It is going to be an interim measure only before you dismiss it as
insecure practice.
On Wed, Jan 26, 2022 at 4:53 PM al so <volkswak(a)gmail.com>
wrote:
On a system where SELinux is enforced, how to selectively disable
SELinux on a few custom linux processes without impacting the rest?
Check the `semanage permissive` command (in fedora 35 its in package:
policycoreutils-python-utils). You'll need to figure out, what type your
process runs as (maybe `ps -efZ`)
Examples from the man page:
List all permissive modules
# semanage permissive -l
Make httpd_t (Web Server) a permissive domain
# semanage permissive -a httpd_t