James Morris <jmorris(a)redhat.com> writes:
This guideline would request that developers test their package with
SELinux enabled (and by this I mean in enforcing mode) and follow a simple
procedure:
1. Ensure they have the latest SELiunx policy installed.
2. Boot with selinux=1 and in enforcing mode.
3. Perform the normal testing of their application.
Using which policy? targeted? strict? mls?
Testing with "targeted" should be a "MUST" requirement IMHO, but
requiring "strict" or "mls" will cause problems.
4. Check syslog (or /var/log/audit/audit.log if audit is enabled) for
AVC
messages related to their package.
Gruß,
Uli