1 |
On Mon, Feb 20, 2012 at 05:23:11PM -0500, Alain Toussaint wrote: |
2 |
> Pardon me for the dumb question but I'm having a migraine and must prepare |
3 |
> for a midterm tomorrow; |
4 |
> |
5 |
> > allow dovecot_t dovecot_etc_t:file read_file_perms; |
6 |
> |
7 |
> How do I do that? :) |
8 |
|
9 |
|
10 |
Hmm either I forgot to reply, or the reply didn't reach my mailbox, so here |
11 |
goes the answer ;-) |
12 |
|
13 |
http://www.gentoo.org/proj/en/hardened/selinux-faq.xml#localpolicy |
14 |
|
15 |
In short, you'll need to create a policy file, build it and include it in |
16 |
the system. The policy will be inserted in the policy store so that it is |
17 |
loaded every time you (re)boot the system, so you can remove the source file |
18 |
if you want. |
19 |
|
20 |
Usually you don't want to though. I personally have a single |
21 |
"localpolicy.te" file in which I put all my exceptional rules (that don't |
22 |
need to be part of the main policy, but are necessary on my system) and |
23 |
maintain that file. |
24 |
|
25 |
Wkr, |
26 |
Sven Vermeulen |