[Spacewalk-list] selinux policy file for spacewalk setup step on centos
Clifford Perry
cperry at redhat.com
Fri Aug 1 17:14:15 UTC 2008
Stephen John Smoogen wrote:
> Thanks for the datapoint. I haven't gotten spacewalk up to test that,
> but it is appreciated.
>
> On Tue, Jun 24, 2008 at 4:30 PM, Sean Allin <allins at spawar.navy.mil> wrote:
>> I built this selinux module for the spacewalk-setup --disconnected step.
>> Hope it's of use.
>>
>>
>> module spacewalk 1.0;
>>
>> require {
>>     type unconfined_t;
>>     type lib_t;
>>     type var_log_t;
>>     type httpd_t;
>>     type etc_t;
>>     type initrc_t;
>>     type java_t;
>>     class process { execstack execmem execheap };
>>     class file { execute execute_no_trans execmod ioctl append };
>> }
>>
>> #============= httpd_t ==============
>> allow httpd_t etc_t:file { execute execute_no_trans };
>> allow httpd_t self:process { execstack execmem execheap };
>> allow httpd_t var_log_t:file { ioctl append };
>>
>> #============= initrc_t ==============
>> allow initrc_t lib_t:file execmod;
>>
>> #============= java_t ==============
>> allow java_t lib_t:file execmod;
>>
>> #============= unconfined_t ==============
>> allow unconfined_t lib_t:file execmod;
>>
>>
Just as an FYI - we are in early stages of outlining what we want to get
done with a possible SELinux policy for Proxy and Spacewalk on
Enterprise Linux 5 and Fedora 10 (or 9).
This is on our roadmap to be completed for Spacewalk 0.3 and has an
initial wiki page here:
https://fedorahosted.org/spacewalk/wiki/Features/SELinux
If you have any input/thoughts or ideas, then please do share. This
page also links to knowledge base articles for older Satellite 4.x on
Enterprise Linux 4 SELinux policies.
Cliff.
--
Clifford Perry
Team Lead, Satellite Engineering
Red Hat, Inc.
http://www.redhat.com/
+1 919 754 4403
RHCA / RHCE# 805007680128201