I used the 2.1.5 EPEL 6 packages from 
http://download.fedora.redhat.com/pub/epel/6/x86_64/repoview/varnish.html in 
our systems, but it looks like they are lacking the SELinux policy.

It's not hard to create a policy, but it's a repetitive and boring task.  See 
below for the policy we're using; no guarantees it will work with your 
particular configuration, but hopefully it will save you some time and point 
you in the right direction.

I'm not sure why varnishd needs to write to /etc/varnish but oh well... :-)

# cat varnish.te
# Build and load with:
#   checkmodule -M -m -o varnish.mod varnish.te
#   semodule_package -o varnish.pp -m varnish.mod
#   semodule -i varnish.pp

module varnish 1.0;

require {
        type home_root_t;
        type varnishd_t;
        type boot_t;
        type varnishlog_t;
        type file_t;
        type varnishd_etc_t;
        class dir { write remove_name search getattr add_name };
        class file { execute setattr read create write getattr unlink open };
}

#============= varnishd_t ==============
# stat() of /boot (boot_t) and /home (home_root_t): getattr only, no access to contents
allow varnishd_t boot_t:dir getattr;
allow varnishd_t home_root_t:dir getattr;
# file_t is the type of files that carry no SELinux label at all; a denial on it
# usually means something needs relabeling (restorecon) rather than an allow rule
allow varnishd_t file_t:dir search;
allow varnishd_t file_t:file { read write getattr };
# create and delete directory entries under /etc/varnish (varnishd_etc_t) ...
allow varnishd_t varnishd_etc_t:dir { write remove_name add_name };
# ... and create, write, delete and execute (map as executable) files there;
# execute on a config type means the daemon loads something under /etc/varnish as code
allow varnishd_t varnishd_etc_t:file { write create unlink execute setattr };

#============= varnishlog_t ==============
# varnishlog only needs to find and read files under /etc/varnish
allow varnishlog_t varnishd_etc_t:dir search;
allow varnishlog_t varnishd_etc_t:file { open read };

_______________________________________________
varnish-misc mailing list
[email protected]
http://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
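The repetitive part of building a policy like the one in the post above is turning AVC denials from audit.log into allow rules, which is the step audit2allow automates. The following is an added example, not code from the original post or from the Varnish project: a minimal version of that step in Python. It parses constructed sample audit.log lines, merges the denied permissions per (source type, target type, class), renders a .te module in the same layout as the one above, and flags the rules a reviewer should question, namely anything touching the unlabeled type file_t and any write or execute permission on the daemon's own configuration type. The sample audit lines, the PIDs and the file names in them are constructed for illustration and were not captured from a real system.

```python
import re
from collections import defaultdict

# Constructed sample of audit.log lines, shaped like the AVC denials a varnishd and
# varnishlog run in permissive mode might produce. Illustrative only, not captured.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1299584000.001:101): avc:  denied  { write add_name } for  pid=2001 comm="varnishd" name="varnish" dev=dm-0 ino=4711 scontext=system_u:system_r:varnishd_t:s0 tcontext=system_u:object_r:varnishd_etc_t:s0 tclass=dir
type=AVC msg=audit(1299584000.002:102): avc:  denied  { create } for  pid=2001 comm="varnishd" name="vcl.so" scontext=system_u:system_r:varnishd_t:s0 tcontext=system_u:object_r:varnishd_etc_t:s0 tclass=file
type=AVC msg=audit(1299584000.003:103): avc:  denied  { execute } for  pid=2001 comm="varnishd" path="/etc/varnish/vcl.so" scontext=system_u:system_r:varnishd_t:s0 tcontext=system_u:object_r:varnishd_etc_t:s0 tclass=file
type=AVC msg=audit(1299584000.004:104): avc:  denied  { search } for  pid=2001 comm="varnishd" name="/" dev=dm-1 ino=2 scontext=system_u:system_r:varnishd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
type=AVC msg=audit(1299584000.005:105): avc:  denied  { read open } for  pid=2002 comm="varnishlog" name="default.vcl" scontext=system_u:system_r:varnishlog_t:s0 tcontext=system_u:object_r:varnishd_etc_t:s0 tclass=file
type=SYSCALL msg=audit(1299584000.005:105): arch=c000003e syscall=2 success=no exit=-13 comm="varnishlog" subj=system_u:system_r:varnishlog_t:s0
"""

# One AVC denial: the permission set in braces, then source/target contexts and class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)


def type_of(context):
    """Extract the type field from a user:role:type[:range] security context."""
    return context.split(":")[2]


def parse_denials(lines):
    """Yield (source_type, target_type, tclass, [perms]) for every AVC denial line."""
    for line in lines:
        m = AVC_RE.search(line)
        if not m:  # SYSCALL records and anything that is not a denial are skipped
            continue
        yield (type_of(m.group("scontext")), type_of(m.group("tcontext")),
               m.group("tclass"), m.group("perms").split())


def collect_rules(lines):
    """Merge denials into {(source_type, target_type, tclass): set(perms)}."""
    rules = defaultdict(set)
    for stype, ttype, tclass, perms in parse_denials(lines):
        rules[(stype, ttype, tclass)].update(perms)
    return rules


def render_module(name, version, rules):
    """Render a .te module: require block first, then allow rules grouped by source."""
    types, classes = set(), defaultdict(set)
    for (stype, ttype, tclass), perms in rules.items():
        types.update((stype, ttype))
        classes[tclass].update(perms)
    out = ["module %s %s;" % (name, version), "", "require {"]
    out += ["\ttype %s;" % t for t in sorted(types)]
    out += ["\tclass %s { %s };" % (c, " ".join(sorted(classes[c]))) for c in sorted(classes)]
    out += ["}", ""]
    by_source = defaultdict(list)
    for (stype, ttype, tclass), perms in rules.items():
        by_source[stype].append((ttype, tclass, perms))
    for stype in sorted(by_source):
        out.append("#============= %s ==============" % stype)
        for ttype, tclass, perms in sorted(by_source[stype], key=lambda r: r[:2]):
            p = sorted(perms)
            perm_str = p[0] if len(p) == 1 else "{ %s }" % " ".join(p)
            out.append("allow %s %s:%s %s;" % (stype, ttype, tclass, perm_str))
        out.append("")
    return "\n".join(out)


def flag_suspicious(rules):
    """Warnings for generated rules that should be questioned instead of simply loaded."""
    warnings = []
    for (stype, ttype, tclass), perms in sorted(rules.items()):
        if ttype in ("file_t", "unlabeled_t"):
            warnings.append("%s -> %s:%s: target is unlabeled; fix the label "
                            "(restorecon / semanage fcontext) rather than allowing access"
                            % (stype, ttype, tclass))
        risky = perms & {"write", "create", "unlink", "execute", "setattr"}
        if ttype.endswith("_etc_t") and risky:
            warnings.append("%s -> %s:%s: %s on configuration files lets the daemon "
                            "modify or load code from its own config"
                            % (stype, ttype, tclass, " ".join(sorted(risky))))
    return warnings


if __name__ == "__main__":
    rules = collect_rules(SAMPLE_AUDIT.splitlines())
    print(render_module("varnish", "1.0", rules))
    for w in flag_suspicious(rules):
        print("# WARNING:", w)
```

On a real system the input would be `ausearch -m avc -ts recent` or the raw /var/log/audit/audit.log, and the rendered .te is compiled and loaded with `checkmodule -M -m`, `semodule_package` and `semodule -i` exactly as with audit2allow output. The warnings are the point of doing this by hand rather than blindly accepting what audit2allow emits: a denial on file_t is a labeling problem, and execute on a *_etc_t type deserves a look before it goes into a policy.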
