by snuxoll 3427 days ago
audit2allow is the single greatest tool I've ever used for dealing with SELinux, people need to hear its name sung from the mountains.

I actually write SELinux policies for software I develop, first thing I do is put them in the most restrictive context imaginable with no permissions, set SELinux in permissive mode and run the application through its paces, at the end run audit2allow and there's 90% of the work done for you outside of defining fcontexts.

1 comments

It must be used with care though, otherwise you'll end up with so many holes in your policy that you defeat the whole point of using SELinux in the first place. Definitely don't use the output directly.
Certainly not, but it's a great first step.
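
The review step discussed in this thread, as an added example that is not from any of the commenters and is not audit2allow's own code: it merges AVC denials into draft allow rules and flags the ones that should not be accepted as-is. The `myapp_t` domain, the sample log lines, and the two heuristic type sets are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample denials for a hypothetical myapp_t domain (not from the thread).
SAMPLE_LOG = '''
type=AVC msg=audit(1700000000.101:201): avc:  denied  { read } for  pid=4242 comm="myapp" name="app.conf" dev="dm-0" ino=1001 scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000000.102:202): avc:  denied  { open } for  pid=4242 comm="myapp" path="/etc/myapp/app.conf" dev="dm-0" ino=1001 scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000000.103:203): avc:  denied  { write } for  pid=4242 comm="myapp" name="state.db" dev="dm-0" ino=2002 scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000000.104:204): avc:  denied  { name_bind } for  pid=4242 comm="myapp" src=8080 scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket permissive=1
'''

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+)\} for .*?"
    r"scontext=[^:\s]+:[^:\s]+:(?P<src>[^:\s]+)\S* "
    r"tcontext=[^:\s]+:[^:\s]+:(?P<tgt>[^:\s]+)\S* "
    r"tclass=(?P<cls>\w+)")

# Review heuristics chosen for this example (assumptions, not a complete list).
MISLABELED = {"default_t", "unlabeled_t"}        # file has no proper label yet
SHARED = {"etc_t", "var_t", "usr_t", "tmp_t"}    # types shared by many programs

def parse_denials(log):
    """Merge denials into {(source type, target type, class): {perms}}."""
    merged = defaultdict(set)
    for m in AVC_RE.finditer(log):
        merged[(m["src"], m["tgt"], m["cls"])].update(m["perms"].split())
    return dict(merged)

def draft_rules(denials):
    """Return (allow rule, review note) pairs; the note is '' when nothing is flagged."""
    out = []
    for (src, tgt, cls), perms in sorted(denials.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        if tgt in MISLABELED:
            note = "fix the file label (fcontext) instead of allowing this"
        elif tgt in SHARED:
            note = "shared type: consider a dedicated type for the app's files"
        else:
            note = ""
        out.append((f"allow {src} {tgt}:{cls} {body};", note))
    return out

if __name__ == "__main__":
    for rule, note in draft_rules(parse_denials(SAMPLE_LOG)):
        print(rule, f"  # REVIEW: {note}" if note else "")
```

The `default_t` denial is the case where accepting the generated rule would punch a hole: the fix there is an fcontext for the file, which is the part audit2allow does not do for you.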