On 03/30/2017 01:19 PM, Martin Gansser wrote:
Hi,
boomaga SELinux module is not part of selinux-policy package, which means it's not maintained by Fedora SELinux team. I cloned boomaga repo and boomaga policy is part of permissivedomains, which means that boomaga rules won't be enforced by kernel, even if your system is in enforcing state. If you would like to fix this issue you can create local module:
$ cat boomaga_local.cil (allow boomaga_cups_t boomaga_cups_t(cap_userns (sys_ptrace)))
# semodule -i boomaga_local.cil #
I'll try to contact boomaga maintainer and provide patch for boomaga SELinux module.
that sounds good. many thanks Martin
current rpm spec file with selinux rules. http://pkgs.fedoraproject.org/cgit/rpms/boomaga.git/tree/boomaga.spec