[CentOS] SELinux policy module sources
Jim Perrin
jperrin at gmail.com
Mon May 5 17:00:57 UTC 2008
On Mon, May 5, 2008 at 12:42 PM, Ingemar Nilsson <init at kth.se> wrote:
> Lots of questions, but the documentation on this subject isn't exactly
> stellar. :)
With CentOS 5, you don't really need the selinux module source
anymore. It's usually enough to clear the logs and in permissive mode,
run the offending application. Then 'grep yourapp
/var/log/audit/audit.log | audit2allow -M localmodname'. Check the
module for sanity and make sure it's not allowing god-knows-what, then
semodule -i localmodname. It'll be there on reboot from now on. no
need (although it's a good idea) to keep the module file hanging
around.
--
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
More information about the CentOS
mailing list