Sunday, June 04, 2006

[Linux]SELinux tip

Today I wanted to use the SELinux commands, but I found that my notes were gone.
I tried for a long time to recall them, and then I got them back.

In general, if you are not familiar with SELinux, you'd better turn it off.
So why do I have to use it?..... :(

SELinux policy is complicated...
Here is a simple way to generate policy.
First, you have to execute the program which is blocked by SELinux, so that the denials are logged.
Then execute:
#audit2allow -d -o xxx.policy

This command reads the denial messages from the dmesg output (-d) and writes the generated rules to xxx.policy (-o).

Copy this file to /etc/selinux/targeted/src/policy/domains/misc/ and rename it to local.te.
Change directory to /etc/selinux/targeted/src/policy/
Then use this command:
#make reload

That's all.
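
How the rules in xxx.policy relate to the logged denials, as an added example that is not part of the original post and is not audit2allow's own code: it turns AVC denial lines into allow rules and lists the ones worth reading before `make reload`. The log lines are constructed, and SENSITIVE_TYPES and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed AVC denial lines in the dmesg format (not from a real system).
SAMPLE_LOG = """\
audit(1149400000.123:0): avc:  denied  { read } for  pid=2345 comm="httpd" name="index.html" dev=hda2 ino=12345 scontext=root:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=file
audit(1149400000.456:0): avc:  denied  { getattr } for  pid=2345 comm="httpd" name="index.html" dev=hda2 ino=12345 scontext=root:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=file
audit(1149400001.789:0): avc:  denied  { write } for  pid=2350 comm="httpd" name="shadow" dev=hda2 ino=777 scontext=root:system_r:httpd_t tcontext=system_u:object_r:shadow_t tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<src>\S+)\s+tcontext=(?P<tgt>\S+)\s+tclass=(?P<cls>\S+)"
)

# Assumption: target types this reviewer never allows without a manual check.
SENSITIVE_TYPES = {"shadow_t"}

def context_type(context):
    """Return the type field of a user:role:type[:range] security context."""
    return context.split(":")[2]

def denials_to_rules(log_text):
    """Group denials by (source type, target type, class) and emit allow rules."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        match = AVC_RE.search(line)
        if match is None:
            continue  # not an AVC denial (e.g. an unrelated kernel message)
        key = (context_type(match["src"]), context_type(match["tgt"]), match["cls"])
        grouped[key].update(match["perms"].split())
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        names = sorted(perms)
        perm_text = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_text};")
    return rules

def rules_needing_review(rules):
    """Return the rules whose target type is in SENSITIVE_TYPES."""
    return [r for r in rules if r.split()[2].split(":")[0] in SENSITIVE_TYPES]

if __name__ == "__main__":
    for rule in denials_to_rules(SAMPLE_LOG):
        flag = "  # REVIEW before make reload" if rules_needing_review([rule]) else ""
        print(rule + flag)
```

Every denial in the log becomes a permission in local.te, so a rule such as the shadow_t one here is loaded along with the intended ones unless it is removed first.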

P.S. My distro is CentOS 4.3; I think this tip is also compatible with RHEL, WHEL and Fedora.
