import recipes: todo add to site
This commit is contained in:
lf-
parent
3e4932f921
commit
33de49464e
10 changed files with 160 additions and 0 deletions
9
todo-recipes/selinux.md
Normal file
9
todo-recipes/selinux.md
Normal file
|
|
@ -0,0 +1,9 @@
|
|||
# SELinux
|
||||
|
||||
`ausearch -m avc` to find denials. If there are none, that's probably because some distro maintainer decided that the denial should be silent:
|
||||
|
||||
`semodule -DB` turns on `dontaudit` events, `semodule -B` turns them back off.
|
||||
|
||||
When trying to get things to work correctly with `audit2allow`, skip the 15 minutes of doing things over and over triggering different denials and running `audit2allow -M mymodule < fails; semodule -i mymodule.pp` by just doing a quick `setenforce 0` before doing it once. All of the actions (AVCs?) in creating a file will show up in the log in one shot. Obviously turn on enforcing mode afterwards.
|
||||
|
||||
When in doubt, consult the [colouring book](https://people.redhat.com/duffy/selinux/selinux-coloring-book_A4-Stapled.pdf).
|
||||
Loading…
Add table
Add a link
Reference in a new issue