Following this, a SELinux Policy for SnortSnarf will be attached. May be useful as its own package, or possibly merged with the Snort policy.
Created attachment 34282: SELinux Policy
In the future, please attach the policy files as individual text files, rather than a tarball.
Hmm, I don't see how this works. All of the allow sources are non-domains. For example:

    allow snortsnarf_exec_t snort_log_t:dir { search };

This doesn't do anything, since snortsnarf_exec_t is not a domain. You'd need a snortsnarf_t domain, and a transition to it, at least. If you'd like to revise your policy, I can look at it further; otherwise I'll close this bug.
Please reopen if you'd like to submit a revised policy.
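The review point above (an allow rule only has effect when its source type is a domain) can be checked mechanically before a policy is submitted. The following is an added example, not part of the bug thread or the attached policy: both policy snippets are constructed, `caller_t` is a hypothetical domain that launches SnortSnarf, and the list of domain-declaring macros is an assumption.

```python
import re

# Macros assumed to mark their first argument as a domain (not an exhaustive list).
DOMAIN_MACROS = ("domain_type", "application_domain", "init_daemon_domain")

# Constructed samples: the rule quoted in the review, and a revision with a domain.
BROKEN = """\
type snortsnarf_exec_t, file_type, exec_type;
type snort_log_t, file_type;
allow snortsnarf_exec_t snort_log_t:dir { search };
"""
FIXED = """\
type caller_t, domain;            # hypothetical domain that launches SnortSnarf
type snortsnarf_t, domain;
type snortsnarf_exec_t, file_type, exec_type;
type snort_log_t, file_type;
type_transition caller_t snortsnarf_exec_t:process snortsnarf_t;
allow caller_t snortsnarf_exec_t:file { read getattr execute };
allow caller_t snortsnarf_t:process transition;
allow snortsnarf_t snortsnarf_exec_t:file entrypoint;
allow snortsnarf_t snort_log_t:dir { search };
"""

def find_domains(policy):
    """Return the set of types the policy text declares as domains."""
    domains = set()
    # "type foo_t, domain;" and "typeattribute foo_t domain;"
    decl = r"^\s*(?:type|typeattribute)\s+(\w+)([\s,\w]*);"
    for name, attrs in re.findall(decl, policy, re.M):
        if "domain" in re.findall(r"\w+", attrs):
            domains.add(name)
    # "domain_type(foo_t)" and similar macros
    macro = r"^\s*(?:%s)\(\s*(\w+)" % "|".join(DOMAIN_MACROS)
    domains.update(re.findall(macro, policy, re.M))
    return domains

def non_domain_sources(policy):
    """Return (line_no, source) for allow rules whose source is not a declared domain.
    Attributes used as a source are reported too; this sketch does not expand them."""
    domains = find_domains(policy)
    findings = []
    for no, line in enumerate(policy.splitlines(), 1):
        m = re.match(r"\s*allow\s+(\{[^}]*\}|\w+)\s", line.split("#", 1)[0])
        if m:
            findings += [(no, s) for s in re.findall(r"\w+", m.group(1)) if s not in domains]
    return findings

if __name__ == "__main__":
    print(non_domain_sources(BROKEN))
    print(non_domain_sources(FIXED))
```

The checker only reads type declarations in the text it is given, so types declared in another policy file must be included in the input for the result to be meaningful.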