Lower Process Capabilities
Paul Howarth
paul at city-fan.org
Wed Aug 5 12:02:07 UTC 2009
On 31/07/09 01:09, Matthew Woehlke wrote:
> Bill McGonigle wrote:
>> What's it going to take to make most
>> people who shut off SELinux stop doing that?
>
> ...being able to install bleeding-edge devel KDE to
> /usr/local/my-kde-install and be able to use that as my primary desktop.
>
> I guess that would - at best - take some kind of "smart" auto-labeling
> on the first exec of an unlabeled process.
Could probably be done by using file context equivalence and a
restorecon run after the build completes:
# semanage fcontext -a -e /usr /usr/local/my-kde-install
# restorecon -rvF /usr/local/my-kde-install
http://danwalsh.livejournal.com/27571.html
Paul.
More information about the devel
mailing list