A new SELinux feature which makes local SELinux policy adjustments much easier was not easy to notice
among all the complaints that SELinux is hard to use.
The `audit2allow` tool should be well-known by now:
given a snippet of the audit log, it outputs policy rules to allow all operations that are currently prohibited.
The user is expected to add the rules to the (large) policy, recompile the policy and load it.
Finding the "right" place in the policy is not always obvious, though, and a future update of the `selinux-policy`
package might overwrite the modifications.
Now there is an alternative, very convenient especially when trying to extend the policy to handle a new daemon:
Run
> `audit2allow -M` modulename `-i` audit_log_file
This will create a binary loadable module modulename`.pp` that can be quickly loaded by
> `semodule -i` modulename`.pp`
or unloaded using
> `semodule -r` modulename
The `audit2allow` command also creates modulename`.te`, a plain-text representation of the module,
which can be edited and compiled to create a changed binary loadable module, or used as a basis for
patches to the default SELinux policy.
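
Because `audit2allow` allows every operation that was denied, the generated modulename`.te` is worth reading before `semodule -i`. The following is an added example, not part of the original post: it lists the `allow` rules in a `.te` file, flags the ones on a reviewer's watch list, and recompiles an edited `.te` with `checkmodule` and `semodule_package`. The watch lists, the module name `mydaemon` and the sample policy are assumptions constructed for illustration.

```shell
# Added example: review the .te written by audit2allow -M before loading it.
# The watch lists are assumptions for illustration; tune them to your policy.
WATCH_PERMS="execmem execstack ptrace sys_admin dac_override"
WATCH_TYPES="shadow_t"

# Print "source target class perm,perm,..." for every allow rule in a .te file
# (expects the one-rule-per-line form that audit2allow generates).
list_allow_rules() {
    awk '$1 == "allow" {
        gsub(/[{};]/, " ")              # drop braces/semicolon; awk re-splits $0
        split($3, tc, ":")              # "target_t:class"
        perms = $4
        for (i = 5; i <= NF; i++) perms = perms "," $i
        print $2, tc[1], tc[2], perms
    }' "$1"
}

# Print only the rules that touch a watched target type or permission.
flag_rules() {
    list_allow_rules "$1" | awk -v perms="$WATCH_PERMS" -v types="$WATCH_TYPES" '
        BEGIN { n = split(perms, a, " "); for (i = 1; i <= n; i++) wp[a[i]] = 1
                n = split(types, b, " "); for (i = 1; i <= n; i++) wt[b[i]] = 1 }
        $2 in wt { print; next }
        { m = split($4, p, ","); for (i = 1; i <= m; i++) if (p[i] in wp) { print; next } }'
}

# Recompile an edited NAME.te into NAME.pp (then load with: semodule -i NAME.pp).
rebuild_module() {
    checkmodule -M -m -o "$1.mod" "$1.te" &&
    semodule_package -o "$1.pp" -m "$1.mod"
}

# Constructed sample of audit2allow -M output ("mydaemon" is hypothetical).
sample_te() {
cat <<'EOF'
module mydaemon 1.0;
require {
    type mydaemon_t;
    type var_log_t;
    type shadow_t;
    class file { getattr read write };
    class process execmem;
}
allow mydaemon_t var_log_t:file { getattr read write };
allow mydaemon_t self:process execmem;
allow mydaemon_t shadow_t:file read;
EOF
}

tmp=$(mktemp) && sample_te > "$tmp" && flag_rules "$tmp"; rm -f "$tmp"
```

On the sample, the log-file rule passes and the `execmem` and `shadow_t` rules are printed for review; deleting a flagged rule from the `.te` and running `rebuild_module` yields a narrower module than the one `audit2allow` built.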
Friday, March 3, 2006
Thursday, February 16, 2006
Fedora Translation
[David](http://lovesunix.net/blog/?p=54), while the documentation for translators is not great,
the [Translation Project](http://fedora.redhat.com/About/Projects/translations/) pages contain enough
to get you started, and people on fedora-trans-list usually respond quite quickly.
Besides [the official status pages](http://i18n.redhat.com/cgi-bin/i18n-status) there are also
[my pages](http://carolina.mff.cuni.cz/~trmac/fedora-i18n.html), where you can download the latest `.po` files.
Sunday, January 22, 2006
The Elements of Programming Style
I have happened to notice our school library provides this book, written by [Kernighan](http://cm.bell-labs.com/cm/cs/who/bwk/) and [Plauger](http://www.plauger.com/).
I found the guidelines not as surprising as the fact that our library has a copy---the book is a classic, after all,
and often quoted. Although some of the guidelines are Fortran-specific, most of them are still valid; it was
useful to read them all in one place.
I found other aspects of the book much more interesting, though:
Wednesday, January 11, 2006
You can't please everyone
[Include Mono](https://www.redhat.com/archives/fedora-extras-list/2005-March/msg00279.html)
or [not](https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177604),
somebody will always want the opposite.
Wednesday, January 4, 2006
Ugly design tends to imply bugs
Quoting the `tcsh` manual page:
> `break` - Causes execution to resume after the `end` of the nearest enclosing `foreach` or `while`.
> The remaining commands on the current line are executed. Multi-level breaks are thus possible by writing
> them all on one line.

"The remaining commands on the current line are executed".