LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Hardware > Linux - Embedded & Single-board computer
Reload this Page SELinux: allow line for any application
User Name
Password
Linux - Embedded & Single-board computer This forum is for the discussion of Linux on both embedded devices and single-board computers (such as the Raspberry Pi, BeagleBoard and PandaBoard). Discussions involving Arduino, plug computers and other micro-controller like devices are also welcome.

Notices


Reply
  Search this Thread
Old 12-21-2021, 05:34 AM   #1
JuventusFC
LQ Newbie
 
Registered: Jul 2018
Posts: 15

Rep: Reputation: Disabled
SELinux: allow line for any application

It's possible to write for SELinux an allow line for every application?

I.e. I am working on a Linux embedded distro and many applications need to explicitly allowed to make use of the pseudoterminal:

Code:
allow application_name devpts_t:chr_file { read write };
The process of finding any app that does not have this access is very tedious and has to be repeated for any new application... Any way to write just one line of devpts_t:chr_file rw access instead of doing it in several different policies?
 
Old 12-21-2021, 07:28 AM   #2
shruggy
Senior Member
 
Registered: Mar 2020
Posts: 3,678

Rep: Reputation: Disabled
What domain are all those processes running in? unconfined_t? Wouldn't it be a matter of
Code:
allow unconfined_t devpts_t:chr_file { read write };
then?
Last edited by shruggy; 12-21-2021 at 08:38 AM.
 
1 members found this post helpful.
Old 12-21-2021, 01:30 PM   #3
hoes
Member
 
Registered: Sep 2005
Distribution: debian, linux from scratch
Posts: 190

Rep: Reputation: 51
Another option would be to disable SElinux.
 
Old 12-21-2021, 07:23 PM   #4
scottieH
Member
 
Registered: Mar 2021
Posts: 58

Rep: Reputation: Disabled
Quote:
Originally Posted by hoes View Post
Another option would be to disable SElinux.
There are some security hardening requirements that dictate SELinux should be enabled. It is up to the individual Systems Administrators to determine what to allow or deny in SELinux.
 
  


Reply

Tags
selinux



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
postfix and selinux [selinux updates broke postfix?] rjcroasdale Linux - Server 59 12-03-2019 11:17 PM
[SOLVED] kdiff3 doesn't allow me to compare line by line, any alternatives? Aquarius_Girl Linux - Software 7 03-03-2011 05:33 PM
SELinux errors, SELinux and wine ziphem Linux - Security 10 01-27-2011 04:15 PM
Selinux-how do i find out what domains have permissions on what type?(selinux policy) vishyc88 Linux - Security 2 11-22-2010 04:27 AM
"../system.h :selinux/selinux.h:no such file or directory" ashmita04 Linux From Scratch 4 02-05-2009 03:36 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Hardware > Linux - Embedded & Single-board computer

All times are GMT -5. The time now is 07:38 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration