On 2023-05-19 18:56 Casper wrote:
With audit2allow, you can read from "auditd" logs then try to generate the .te file, then compile it into a Module Policy.
If you know how to write a Type Enforcement[1] (.te) file, you will have to compile it manually into a loadable Module Policy file. This step is done automatically by audit2allow.
""" Module (or Non-base) Policy - These are optional policy source files that when compiled, can be dynamically loaded or unloaded within the policy store. By convention these files are named after the module or application they represent, with the compiled binary having a '.pp' extension. These files are compiled using the checkmodule command. """
CIL modules can be used with semodule because they are compiled by semodule directly, at install time.[2]
[1] https://selinuxproject.org/page/NB_TE
[2] https://selinuxproject.org/page/PolicyLanguage
Thank you so much. Regards.
selinux@lists.fedoraproject.org