Il 2023-05-19 18:56 Casper ha scritto:
With audit2allow, you can read from "auditd" logs then try
to generate
the .te file, then compile it into a Module Policy.
If you know how to write Type Enforcement[1] (.te) file, you will have
to compile it manually into a loadable Module Policy file. This step
is done automatically by audit2allow.
"""
Module (or Non-base) Policy - These are optional policy source files
that when compiled, can be dynamically loaded or unloaded within the
policy store. By convention these files are named after the module or
application they represent, with the compiled binary having a '.pp'
extension. These files are compiled using the checkmodule command.
"""
CIL modules can be used with semodule because they are compiled by
semodule directly, at install time.[2]
[1]
https://selinuxproject.org/page/NB_TE
[2]
https://selinuxproject.org/page/PolicyLanguage
Thank you so much.
Regards.
--
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. -
www.assyoma.it
email: g.danti(a)assyoma.it - info(a)assyoma.it
GPG public key ID: FF5F32A8