Linux Ubuntu development of selinux mode 'seuper' which will automatically change mode
There is setsebool, a policy-changing tool, but it's quite tricky to use effectively.
And when we started to run dpkg, apt, and pip install programs, we decided to use selinux's currunt mode as a permissive toolkit.
In addition, it will be possible to register the software policy so that the program that utilizes the Linux server user can automatically change the mode when it starts.
In addition, when the specified software is finished running, it automatically switches the policy back to 'enforcing'.
Most importantly, to prevent malicious software from running the process name in apt, dpkg, or other user-specific software to disturb selinux
Seuper will implement a method to check the PID of the process itself and to check the file system's '/ proc / pid / exe' to check whether the software is actually running and to switch modes when the process is detected.
Name : seuper (selinux for ubuntu patcher)
Development planned to be completed : 2주 ~ 1달
Development language : bash
Support architecture: all
Support OS : Linux ubuntu - all relreases.
If you are helpful, please press '♡' button..