| 1 |
On Mon, Feb 20, 2012 at 05:23:11PM -0500, Alain Toussaint wrote: |
| 2 |
> Pardon me for the dumb question but I'm having a migraine and must prepare |
| 3 |
> for a midterm tomorrow; |
| 4 |
> |
| 5 |
> > allow dovecot_t dovecot_etc_t:file read_file_perms; |
| 6 |
> |
| 7 |
> How do I do that? :) |
| 8 |
|
| 9 |
|
| 10 |
Hmm either I forgot to reply, or the reply didn't reach my mailbox, so here |
| 11 |
goes the answer ;-) |
| 12 |
|
| 13 |
http://www.gentoo.org/proj/en/hardened/selinux-faq.xml#localpolicy |
| 14 |
|
| 15 |
In short, you'll need to create a policy file, build it and include it in |
| 16 |
the system. The policy will be inserted in the policy store so that it is |
| 17 |
loaded every time you (re)boot the system, so you can remove the source file |
| 18 |
if you want. |
| 19 |
|
| 20 |
Usually you don't want to though. I personally have a single |
| 21 |
"localpolicy.te" file in which I put all my exceptional rules (that don't |
| 22 |
need to be part of the main policy, but are necessary on my system) and |
| 23 |
maintain that file. |
| 24 |
|
| 25 |
Wkr, |
| 26 |
Sven Vermeulen |
Archives