« Return to Thread: Naive Qs about selinux modules
Naive Qs about selinux modules
by Johnson, Richard-2
::
Rate this Message:
Some parts of this message have been removed.
Learn more about Nabble's security policy.
Q: Can any SELinux directive be put into a policy smodule,
or are there restrictions?
For example: suppose I wanted to:
allow snmpd_t apmd_t:process
ptrace;
allow snmpd_t
auditd_t:process ptrace;
allow snmpd_t
automount_t:process ptrace;
[ …and so on ]
so that snmpd could access mib .1.3.6.1.2.1.6. (advisability
notwithstanding) Could these directives be put into a policy module even though
the base policy already has an snmpd i/f?
Q. Can a module define new booleans? If so are
they persistent if the module is unloaded and reloaded?
For example; an snmpd policy module with an snmpd_can_ptrace
boolean. Are there namespace conventions?
Q. What happens if the base policy (or another policy
modules) is updated with overlapping statements.
Am I correct in believing that the set of allows is the
union of the base allows + all module allows?
--rich
--
fedora-selinux-list mailing list
fedora-selinux-list@...
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
« Return to Thread: Naive Qs about selinux modules
| Free Forum Powered by Nabble | Forum Help |
