Dave Anderson on Nostr: In my quest to understand Fedora's SELinux policies, I've looked at the policy source ...
In my quest to understand Fedora's SELinux policies, I've looked at the policy source a bit, but it's all 11+ years of m4 macros and requires paging in quite a lot more context than I currently have.
OTOH, I used dedispol to just dump the "assembly language" version of my system's running policy, and I'm getting decent mileage out of just grep and sort.
On this system, to be unconfined the binary systemd executes needs to be tagged bin_t (/bin and /sbin binaries) or usr_t (/usr files).
OTOH, I used dedispol to just dump the "assembly language" version of my system's running policy, and I'm getting decent mileage out of just grep and sort.
On this system, to be unconfined the binary systemd executes needs to be tagged bin_t (/bin and /sbin binaries) or usr_t (/usr files).