an easy way to edit security policies in fc6
Stephen Smalley
sds at tycho.nsa.gov
Wed Feb 7 18:13:15 UTC 2007
On Wed, 2007-02-07 at 19:07 +0100, selinux at lucullo.it wrote:
> hi,
>
> i'm new to selinux and i need to know how can i easy modify
> a selinux targeted policy rule in fc6.
>
> my apache can't write in a /var subdir.
>
> my idea is to start looking in to logs and then edit the
> policy (or the files attributes) to avoid problems.
audit2allow will automatically turn audit logs into allow rules, but you
shouldn't blindly take its results. In your particular case, if you
labeled the files in that /var subdirectory with an appropriate type,
then apache would be able to write to it.
> is there an easy tool for editing policy source?
>
> is there a complete how to (for fc6 targeted selinux)?
Read the Fedora SELinux FAQ and the Fedora SELinux wiki pages.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list