SELinux
Federico Di Pierro edited this page Nov 28, 2020 · 4 revisions
A Clight user, @tminor, spent some time fixing Clightd integration with SELinux
and contributed the result, an SELinux type enforcement file:
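```
module clightd 1.0;

# Types, classes and permissions this module uses from the base policy.
require {
	type init_t;
	type xserver_t;
	type xauth_home_t;
	type v4l_device_t;
	class chr_file { ioctl map open read write };
	class unix_stream_socket connectto;
	class file { getattr open read };
}

#============= init_t ==============
# Note: these rules are granted to the init_t domain as a whole,
# so they apply to every process running as init_t.

# Video4Linux character devices.
allow init_t v4l_device_t:chr_file { ioctl map open read write };
# X authority file in the user's home directory.
allow init_t xauth_home_t:file getattr;
allow init_t xauth_home_t:file { open read };
# Connect to the X server's Unix stream socket.
allow init_t xserver_t:unix_stream_socket connectto;
```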
To import the .te (type enforcement) file, compile it, package it and install the resulting module (thanks @perceival):

```
checkmodule -M -m -o clightd.mod clightd.te
semodule_package -o clightd.pp -m clightd.mod
sudo semodule -i clightd.pp
```
Thanks for this contribution and happy tweaking!
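
An added example, not part of the original page or of the Clightd project: a small Python check to run on the .te file before compiling it. It lists what each source domain is granted (merging rules for the same target) and reports any type, class or permission used in an `allow` rule but missing from the `require` block. The name `review_te` and the regex-based parsing are assumptions of this example; it handles only plain `type`, `class` and `allow` statements like the ones above.

```python
import re

# The module from this page, embedded so the check runs offline.
CLIGHTD_TE = """
module clightd 1.0;
require {
    type init_t;
    type xserver_t;
    type xauth_home_t;
    type v4l_device_t;
    class chr_file { ioctl map open read write };
    class unix_stream_socket connectto;
    class file { getattr open read };
}
allow init_t v4l_device_t:chr_file { ioctl map open read write };
allow init_t xauth_home_t:file getattr;
allow init_t xauth_home_t:file { open read };
allow init_t xserver_t:unix_stream_socket connectto;
"""

def _names(spec):
    """Turn 'read' or '{ open read }' into a set of names."""
    return set(spec.replace("{", " ").replace("}", " ").split())

def review_te(te):
    """Return (grants, problems) for a module made of plain allow rules."""
    te = re.sub(r"#.*", "", te)  # strip comments
    types = set(re.findall(r"^\s*type\s+(\w+)\s*;", te, re.M))
    classes = {}
    for cls, perms in re.findall(r"^\s*class\s+(\w+)\s+([^;]+);", te, re.M):
        classes.setdefault(cls, set()).update(_names(perms))
    grants, problems = {}, []
    rule = r"^\s*allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+([^;]+);"
    for src, tgt, cls, perms in re.findall(rule, te, re.M):
        perms = _names(perms)
        # Merge rules that share source, target and class.
        grants.setdefault((src, tgt, cls), set()).update(perms)
        for t in (src, tgt):
            if t != "self" and t not in types:
                problems.append(f"type {t} is not declared")
        for p in sorted(perms - classes.get(cls, set())):
            problems.append(f"{cls}:{p} is not in the require block")
    return grants, problems

if __name__ == "__main__":
    grants, problems = review_te(CLIGHTD_TE)
    for (src, tgt, cls), perms in sorted(grants.items()):
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(perms))} }}")
    print("problems:", problems or "none")
```

Running it against an edited copy of the module shows at a glance whether a change widened what `init_t` may do and whether the `require` block still matches the rules.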