[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: How can I create shadow_t file ?
- From: Shintaro Fujiwara <shintaro fujiwara gmail com>
- To: Stephen Smalley <sds tycho nsa gov>, Daniel J Walsh <dwalsh redhat com>, fedora-selinux-list redhat com
- Cc:
- Subject: Re: How can I create shadow_t file ?
- Date: Wed, 13 May 2009 23:48:58 +0900
Yeh, I was forgetting the command "audit them all" stuff, thanks for
letting me know.
#after i semanage -DB
allow segatex_t security_t:filesystem getattr;
allow segatex_t self:process setfscreate;
allow segatex_t semanage_t:process { siginh rlimitinh noatsecure };
#============= semanage_t ==============
allow semanage_t setfiles_t:process { siginh rlimitinh noatsecure };
#end after i semanage -DB
I finally made it.
Both adding and deleting user.
Maybe I should add button to audit them all thing.
I remember RH original one had it, so.
Thanks !
2009/5/13 Stephen Smalley <sds tycho nsa gov>:
> On Wed, 2009-05-13 at 23:01 +0900, Shintaro Fujiwara wrote:
>> Thank you.
>>
>> I updated my tool's policy including 2 interfaces you guys introduced.
>>
>> Still I can't add user from my tool and strangely, no AVC messages now
>> even I setSELinux permissive.
>> Of course when I set permissive, I can add user.
>> But, I don't have any denied logs now...
>>
>> No way out ?
>
> Run "semodule -DB" to strip dontaudit rules and try again.
> You'll have to wade through the irrelevant avc messages though.
>
> --
> Stephen Smalley
> National Security Agency
>
>
--
http://intrajp.no-ip.com/ Home Page
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]