Difference between revisions of "Selinux"
Jump to navigation
Jump to search
| Line 4: | Line 4: | ||
make -f /usr/share/selinux/devel/Makefile | make -f /usr/share/selinux/devel/Makefile | ||
semodule -i newrelic | semodule -i newrelic | ||
| + | ==Alternative== | ||
| + | grep httpd /var/log/audit/audit.log | audit2allow -M newrelic | ||
| + | semodule -i newrelic.pp | ||
=Show why selinux is being an asshole= | =Show why selinux is being an asshole= | ||
sealert -a /var/log/audit/audit.log | sealert -a /var/log/audit/audit.log | ||
* sealert is provided by the package ''setroubleshoot'' | * sealert is provided by the package ''setroubleshoot'' | ||
Revision as of 13:20, 28 October 2011
Create Custom Modules
Requires package selinux-policy-devel
grep http /var/log/audit/audit.log | audit2allow -m newrelicsock > /tmp/newrelic.te make -f /usr/share/selinux/devel/Makefile semodule -i newrelic
Alternative
grep httpd /var/log/audit/audit.log | audit2allow -M newrelic semodule -i newrelic.pp
Show why selinux is being an asshole
sealert -a /var/log/audit/audit.log
- sealert is provided by the package setroubleshoot