[SGVLUG] Flag this message Re: Red Hat Follow Up
matti
mathew_2000 at yahoo.com
Mon Jan 12 13:01:49 PST 2009
fyi - I'm forwarding this for Mike... somehow his reply
didn't get thru
---------------------------- Original Message ----------------------------
Subject: Re: [SGVLUG] Red Hat Follow Up
From: "Mike Rubel" <mrubel at lebur.net>
Date: Sun, January 11, 2009 2:26 pm
To: "SGVLUG Discussion List." <sgvlug at sgvlug.net>
Cc: sgvlug at sgvlug.net
--------------------------------------------------------------------------
> Akrash from Red Hat sent an e-mail asking how deep of a talk we'd like to
> have. I'm a beginner on the topics of realtime and selinux so I am
> leaving it up to those who requested the topic. How deep would you like
> them to go?
I would love to learn how to think about, and craft, selinux policy to
solve system design problems. I can make use of chcon, the -Z flags, and
the occasional setsebool to make things work and lock services down, but
these are always minor adjustments to the default policy, and I don't
really understand the default policy as a whole.
If I have created a new service or daemon, for example, how do I create a
selinux policy to lock it down? Or, if I want to change the access given
to an existing service, such as giving httpd access to a new top-level
directory, what's the right approach?
Thanks!
-Mike
More information about the SGVLUG
mailing list