What to do if a package needs a modified SELinux policy?
Ricky Zhou
ricky at fedoraproject.org
Mon May 30 10:39:55 UTC 2011
On 2011-05-30 02:52:57 AM, Kurt Seifried wrote:
> I'm experimenting with a package that needs to have rsyslog write to a
> named fifo pipe (so log data can be handed off from rsyslog to an
> external program). As I see it the options are:
>
> 1) apologize to the user and tell them to disable SELinux (no thanks)
> 2) get Fedora SELinux policy to add an exception (best case scenario I think)
> 3) tell the user how to manually modify policy and update it (which
> might then break the next SELinux policy gets updated/etc.).
This sounds like a good thing to have as an SELinux boolean, so you can
probably get that added to selinux-policy and then tell users of your
package to turn the boolean on.
Thanks,
Ricky
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20110530/2bd82683/attachment.bin
More information about the devel
mailing list