On Wed, 2008-09-03 at 11:04 -0500, Paul McDaid (JIRA) wrote: > [ > http://track.sipfoundry.org/browse/XECS-271?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel > ] > > Paul McDaid updated XECS-271: > ----------------------------- > > Attachment: patch-XECS-271.patch > > > sipX should have an SELinux policy so that it can run in strict mode > > --------------------------------------------------------------------
The SElinux policy looks very good, but I'd like to manage it a little differently than you did in this patch. I'd like to see this done as an install-time operation rather than a startup script operation. It's one of the goals of the 4.0 release to get stuff out of that startup script. I'd suggest packaging the semodule steps into a standalone script installed by sipXcommserverLib into $SIPX_LIBEXEC (add it to the libexec_SCRIPTS variable in sipXcommserverLib/src/Makefile.am). That script should then be executed by the %post script in sipXcommserverLib/sipxcommserverlib.spec.in . Can we install the policy regardless of the state of SElinux? If so, that seems good to me. The default state of SElinux should be set in the ISO setup (and not modified by sipXecs if the installation is just from RPMs). The build files for the ISOs are maintained in the private repository (not open source) at the moment - I'll get you a pointer to those, Paul, but I don't believe they can be modified at the moment due to move-related issues.
_______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev
