----- Original Message -----
From: "Gionatan Danti" <g.danti(a)assyoma.it>
To: selinux(a)lists.fedoraproject.org
Sent: Wednesday, March 14, 2018 4:46:17 PM
Subject: Two questions about selinux
Hi all,
I have two questions about selinux.
1) Suppose I have a file which should be shared by two processes with
two different security context (ie: proc_a_t and proc_b_t). I am right
saying that I *must* create a policy to grant access to both processes
for both contexts? Or is it possible to assign *two* labels/contexts to
a file/directory?
Create policy to grant access to both process types
2) Suppose that, by using audit2allow, I created a custom policy
module.
Time passed, and I lost the original template file, leaving only the
binary policy module. If I then need to add some other customization, do
I need to create a new policy or can I modify the original, binary-only
policy?
If the policy was compiled as *.pp policy modules then these can be converted to CIL code
using the /usr/libexec/selinux/hll/pp binary (assuming you are running an updated binary
policy version)
Thanks.
--
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. -
www.assyoma.it
email: g.danti(a)assyoma.it - info(a)assyoma.it
GPG public key ID: FF5F32A8
_______________________________________________
selinux mailing list -- selinux(a)lists.fedoraproject.org
To unsubscribe send an email to selinux-leave(a)lists.fedoraproject.org
--
Simon Sekidde
gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E