
Re: Is there a SELinux tutorial for ISVs ?



Mike Hearn wrote:

> You can review their sources.

I meant programmatically but never mind, I got the message that we're not quite there yet.

> OK. What exactly broke your app? Targeted isn't supposed to interfere
> with most programs (except that sometimes that doesn't seem to be the
> case, I'm still researching this too!). So you should be able to ignore
> that. It may be that the shlib_textrel_t thing got you, so far that's the
> only part of targeted I know about which isn't actually backwards
> compatible.

The app is a Web application which includes a proprietary CGI executable,
but in the targeted policy only appropriately-labeled CGI get run. Having the CGI not sit in cgi-bin probably adds to the pain, I guess. I found out how to disable SELinux protection for Apache, but that kind of defeats the purpose and does not help customer relationships.

> Until binary policy is implemented though I am not sure you can ship
> policy in RPMs. It has to be in the central policy as a patch and you can
> then mark the files with the right contexts. You (hopefully) shouldn't
> need any custom policy though.

Another message suggested that FC5 is likely to be the target for the stuff I am grasping at.


Thank you for your consideration,
Davide Bolcioni
--
There is no place like /home.

