Simplicity is a form of art...

A SELinux policy for incron: marking types eligible for watching
by Sven Vermeulen, posted on Wed 29 May 2013

In the previous post we made incrond able to watch public_content_t and public_content_rw_t types. However, this is not scalable, so we might want to be able to update the policy more dynamically with additional types. To accomplish this, we will make types eligible for watching through an attribute.

So how …

A SELinux policy for incron: default set
by Sven Vermeulen, posted on Tue 28 May 2013

I finished the last post with a bit of a cliffhanger, as incrond is still not working properly and we got a few denials that needed to be resolved; here they are again for your convenience:

type=AVC msg=audit(1368734110.912:28353): avc:  denied  { getattr } for  pid=9716 comm="incrond …

A SELinux policy for incron: the incrond daemon
by Sven Vermeulen, posted on Mon 27 May 2013

With incrontab_t (hopefully) complete, let's look at the incrond_t domain. As this domain will also be used to execute the user (and system) commands provided through the incrontabs, we need to consider how we are going to deal with this wide range of possible permissions that it might take. One …