Hi, all:
I have the following in my .te file:
optional_policy(`
gen_require(`
type guest_t;
role guest_r;
')
my_app_run(guest_t, guest_r)
')
But really, I'd like to make it a boolean that an admin can toggle --
I'm not really keen on allowing guest_u to use this application by
default. Something like:
tunable_policy(`allow_guest_myapp_exec');
How would I combine tunable_policy with optional_policy?
Best,
--
Konstantin Ryabitsev
Systems Administrator
The Linux Foundation
Montréal, Québec