enabling selinux

David Hollis dhollis at davehollis.com
Thu Dec 9 21:54:26 UTC 2004


On Thu, 2004-12-09 at 14:52 -0600, Steven Pritchard wrote:
> Excuse me for a stupid selinux question...
> 
> Is there something I have to do when packaging a daemon to make
> selinux policy apply to it?
> 
> I have an OpenVPN package in the fedora.us QA queue
> (https://bugzilla.fedora.us/show_bug.cgi?id=1531).  I noticed that
> selinux-policy-targeted-sources includes a file openvpn.fc, but I have
> no idea how to connect the dots to make it all work...

Looking into it a bit, I found that the openvpn.fc sets up the file
contexts so that the openvpn files can be confined to an
openvpn-specific domain.  Unfortunately, there isn't an openvpn domain specified
at this point.  The openvpn.fc file is essentially ignored (with a
targeted policy anyway) since there is not an associated
domains/program/openvpn.te file to define the domain.

As far as the RPM itself goes, I don't think that there is anything
specific that you would need to do for OpenVPN.  If/when the selinux
policies are updated to include a definition for an OpenVPN domain, the
files should get labeled properly (either via filesystem relabeling or
openvpn rpm upgrade/install).

-- 
David Hollis <dhollis at davehollis.com>
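
Added example, not part of the original message or of the policy sources: a check for the situation described above, where a NAME.fc file exists with no matching NAME.te to define the domain. The directory locations are passed as arguments; the file_contexts/program path and the sample file names are constructed assumptions, only domains/program/openvpn.te and openvpn.fc come from the message.

```shell
#!/bin/sh
# Print the name of every program that ships a file-contexts file (NAME.fc)
# but has no matching domain definition (NAME.te).
# Both directories are supplied by the caller; no fixed layout is assumed.
orphan_fc() {
    fc_dir=$1
    te_dir=$2
    for fc in "$fc_dir"/*.fc; do
        [ -e "$fc" ] || continue            # glob matched nothing
        name=$(basename "$fc" .fc)
        if [ ! -f "$te_dir/$name.te" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Build a constructed sample tree (empty files, not real policy content):
# openvpn has only a .fc file, "exampled" has both .fc and .te.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/file_contexts/program" "$root/domains/program"
    : > "$root/file_contexts/program/openvpn.fc"
    : > "$root/file_contexts/program/exampled.fc"
    : > "$root/domains/program/exampled.te"
    printf '%s\n' "$root"
}

# Demo run against the constructed tree.
tree=$(make_sample_tree)
orphan_fc "$tree/file_contexts/program" "$tree/domains/program"
rm -rf "$tree"
```
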