
...

Code Block
mkdir ~/mydaemon-sepolicy2
cd ~/mydaemon-sepolicy2

# Make up a meaningful name for the module, such as
"httpdwritehomes"
export newmod=mydaemonwritefilesmydaemonwritelog

audit2allow -m $newmod -l -i /var/log/audit/audit.log > $newmod.te

# Edit the $newmod.te file and verify that it looks like what you want.

# Finally, to build & install the new module:
checkmodule -M -m -o $newmod.mod $newmod.te
semodule_package -o $newmod.pp -m $newmod.mod
semodule -i $newmod.pp
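Review bot: The `audit2allow -m $newmod -l -i /var/log/audit/audit.log` line builds the module from every AVC denial logged since the last policy reload, not only those raised by mydaemon, so an unrelated denial on the host can end up permitted by the module that `semodule -i` installs. Narrowing the input first keeps the module scoped to the daemon, for example `ausearch -m AVC -c mydaemon --raw | audit2allow -m "$newmod" > "$newmod.te"` (assuming the process name is `mydaemon`, as the later `ps -eZ` output suggests). The "verify that it looks like what you want" comment would be more useful if it stated the criterion, e.g. `# Remove any allow rule whose source type is not mydaemon_t, and question any rule broader than the log file's type`. The exported name `mydaemonwritefilesmydaemonwritelog` looks like the old and new values run together by the comparison view; confirm which one the page intends, and quote `"$newmod"` in the commands that use it.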

...

Code Block
setenforce 1
systemctl stop mydaemon
ps -eZ | grep mydaemon
    # Confirm it's not running

rm -f /var/log/mydaemon.log 
systemctl start mydaemon
ps -eZ | grep mydaemon
    # Confirm it's running, and confined by selinux under mydaemon_t
    system_u:system_r:mydaemon_t:s0   54205 ?        00:00:00 mydaemon

# Confirm it's successfully writing
cat /var/log/mydaemon.log
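Review bot: The verification block confirms the process domain and that the log has content, but it never checks the audit log, so a daemon that still triggers denials on other paths would pass this test. After `systemctl start mydaemon` I would add `ausearch -m AVC -ts recent -c mydaemon` and expect no matches, plus `ls -Z /var/log/mydaemon.log` to confirm the recreated file carries the intended label rather than a generic one. `setenforce 1` only changes the running mode, so the page should also say to check `getenforce` and the `SELINUX=` setting in `/etc/selinux/config` if the result is meant to survive a reboot.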