[CentOS] RHEL 7 Beta is now public

Peter peter at pajamian.dhs.org
Thu Dec 12 18:49:02 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/13/2013 02:45 AM, Daniel J Walsh wrote:
> 
> What SELInux issue did you have?  What policy did you need to add?

Unfortunately I've misplaced the audit logs and report of the problem,
but this is the policy I had to add:

module mypol 1.0;

require {
	type unconfined_t;
	type sshd_net_t;
	type kernel_t;
	class process { dyntransition transition sigchld };
}

#============= kernel_t ==============
allow kernel_t sshd_net_t:process dyntransition;
allow kernel_t unconfined_t:process { dyntransition transition };

#============= sshd_net_t ==============
allow sshd_net_t kernel_t:process sigchld;


Peter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJSqgUdAAoJEAUijw0EjkDvUv4H/0mpXttdzTV7ZfWtFiV+3nJF
Kd0wJ6hUxOJqiR/hmckFNKMatzCZBrinDEnOaNYrXLcAoCAVrX6bTQZkiiY4bIAD
7H3MSihnSIn5pBq6rcCtQcEIr56BetnMGtUJeQTIO8JZyYZvst3/8sdwXNd/1d2u
p0OaS7r/AEAXKaTsrUSrNAp/stzObvRJpqJecVXLBJP84A2uQQYoxp5NaUY9slli
qUt6UYRHMSyJgyZitG2FsyvtMM3y66a3lfell13GMIZbYvBXC7CbvjgmjXpQ5Ktt
4inIpt1tQynZJQodpcQ/FrR4BdURbHKwAvIdMRN/4z7c5ZCk294vAJ2f8Mdb1X0=
=3qfe
-----END PGP SIGNATURE-----



More information about the CentOS mailing list