Chris PeBenito wrote:

> It would be nice to find out more specifically what is going on with the
> other two denials, but I suspect that it will be ok to allow. I use
> dhcpcd on my server, but don't see this problem.

Thanks for all your help so far. Over this weekend I upgraded to the
new, modular SELinux policy and applied the strict policy to my system.
This seems to have removed the majority of my audit messages, so I'm
guessing the 2005.1 policy files were just out of date.

I do have a few questions about the new policy setup.

1. How can I see what policy rules are defined in a compiled policy
module? I need to add some rules to handle interactions between
multiple services but I want to make sure the labels are correct first,
and use the correct domain types. But without the policy sources I
haven't figured out how to see what rules are available.

2. This one is specific to sudo. I added a couple of rules relating to
sudo:

allow sysadm_sudo_t self:netlink_route_socket r_netlink_socket_perms;
allow sysadm_sudo_t pam_var_run_t:dir { getattr search write };

but I remember from looking through the older policy sources that sudo
actually defines more than one $1_sudo_t type that all get the same
rules. Is there a way in my local.te file to look up and apply my two
transition rules to every defined *_sudo_t type, or will I need to
specify each one individually?

--Mike
--
gentoo-hardened@g.o mailing list