Boolean to permit guest_u access
Miroslav Grepl
mgrepl at redhat.com
Thu Dec 1 19:34:32 UTC 2011
On 12/01/2011 05:10 PM, Konstantin Ryabitsev wrote:
> Hi, all:
>
> I have the following in my .te file:
>
> optional_policy(`
> gen_require(`
> type guest_t;
> role guest_r;
> ')
>
> my_app_run(guest_t, guest_r)
> ')
>
> But really, I'd like to make it a boolean that an admin can toggle --
> I'm not really keen on allowing guest_u to use this application by
> default. Something like:
>
> tunable_policy(`allow_guest_myapp_exec');
>
> How would I combine tunable_policy with optional_policy?
For example:
optional_policy(`
tunable_policy(`xguest_use_bluetooth',`
bluetooth_dbus_chat(xguest_t)
')
')
>
> Best,
More information about the selinux
mailing list