How to add a new application in targeted
Stephen Smalley
sds at tycho.nsa.gov
Tue May 24 18:28:29 UTC 2005
On Tue, 2005-05-24 at 13:41 -0400, James Z. Li wrote:
> The genral question is that if I write policy files for an application
> which is currently not in targeted policy, like mydaemon.fc and
> mydaemon.te. What should I do besides 'make load' in order to
> let Selinux know that I add a new daemon in targeted ?
You need to label the executable with the corresponding executable type,
e.g. restorecon /sbin/mydaemon, after loading the new policy. That sets
the extended attribute on the executable file, so that SELinux will
subsequently perform a domain transition when it is executed.
--
Stephen Smalley
National Security Agency
More information about the selinux
mailing list