Stephen John Smoogen wrote:
Thanks for the datapoint. I haven't gotten spacewalk up to test that,
but it is appreciated.
On Tue, Jun 24, 2008 at 4:30 PM, Sean Allin <[EMAIL PROTECTED]> wrote:
I built this selinux module for the spacewalk-setup --disconnected step.
Hope it's of use.
module spacewalk 1.0;
require {
type unconfined_t;
type lib_t;
type var_log_t;
type httpd_t;
type etc_t;
type initrc_t;
type java_t;
class process { execstack execmem execheap };
class file { execute execute_no_trans execmod ioctl append };
}
#============= httpd_t ==============
allow httpd_t etc_t:file { execute execute_no_trans };
allow httpd_t self:process { execstack execmem execheap };
allow httpd_t var_log_t:file { ioctl append };
#============= initrc_t ==============
allow initrc_t lib_t:file execmod;
#============= java_t ==============
allow java_t lib_t:file execmod;
#============= unconfined_t ==============
allow unconfined_t lib_t:file execmod;
_______________________________________________
Spacewalk-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-list
Just as an FYI - we are in early stages of outlining what we want to get
done with a possible SELinux policy for Proxy and Spacewalk on
Enterprise Linux 5 and Fedora 10 (or 9).
This is on our roadmap to be completed for Spacewalk 0.3 and has an
initial wiki page here:
https://fedorahosted.org/spacewalk/wiki/Features/SELinux
If you have any input/thoughts or idea's, then please do share. This
page also links to knowledge base articles for older Satellite 4.x on
Enterprise Linux 4 SELinux policies.
Cliff.
--
Clifford Perry
Team Lead, Satellite Engineering
Red Hat, Inc.
http://www.redhat.com/
+1 919 754 4403
RHCA / RHCE# 805007680128201
_______________________________________________
Spacewalk-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/spacewalk-list
