Howdy/SELinux

From LinuxReviews
Jump to navigationJump to search

The Howdy facial recognition authentication program requires a SELinux module to work on Fedora. This is of course not included with in the Howdy package.

A module can be created by disabling SELinux (setenforce 0), starting a program that uses Howdy so what it does is logged, re-enabling SELinux (setenforce 1) and then running

ausearch -c python3 | audit2allow -m howdy >howdy.te

which produces the following proposed policy module:

File: howdy.te
module howdy 1.0;

require {
	type xdm_t;
	type sysctl_vm_t;
	type lib_t;
	type v4l_device_t;
	class dir { add_name create remove_name write };
	class file { create getattr open read rename write };
	class chr_file map;
}

#============= xdm_t ==============
allow xdm_t lib_t:dir { add_name create remove_name write };
allow xdm_t lib_t:file { create rename write };
allow xdm_t sysctl_vm_t:file { getattr open read };
allow xdm_t v4l_device_t:chr_file map;

You can simply copy and paste this fine proposed module if you like it and compile it and insert it with:

checkmodule -M -m -o howdy.mod howdy.te
semodule_package -o howdy.pp -m howdy.mod
semodule -i howdy.pp

This module was tested on Howdy version 2.6.1. It works for LightDM, ssdm, etc.

Back to Howdy


avatar

Anonymous (0ecced62d7)

2 months ago
Score 0
Very useful thank you!
Add your comment
LinuxReviews welcomes all comments. If you do not want to be anonymous, register or log in. It is free.