Today I want to use the commands of SELinux, but I found that my note was gone.
I tried to recall my memory for long times, then I got them back.
In general, if you are not familier with SELinux, you'd better turn it off.
So why do I have to use it?..... :(
SELinux policy is complicated...
Here is a simple way to generate policy.
First, you have to execute the program which is blocked by SELinux.
Then execute:
#audit2allow -d -o xxx.policy
This command will generate xxx.policy.
Copy this file to /etc/selinux/targeted/src/policy/domains/misc/ and rename it to local.te.
Change directory to /etc/selinux/targeted/src/policy/
Then use this command:
#make reload
That's all.
p.s. My distro is CentOS 4.3, I think this tip is compatible with RHEL, WHEL and Fedora.
沒有留言:
張貼留言