[rhelv6-list] Modifications to the Base SELinux Policy
Damian Gerow
dgerow at afflictions.org
Thu Jun 13 10:48:15 UTC 2013
A while back, I started writing some policy modules for some in-house
software. Unfortunately, this software used a port that was claimed by
hplip_port_t somewhere in the base policy, and there didn't seem to be a way
to remove the port from hplip_port_t:

    Port tcp/xxxx is defined in policy, cannot be deleted

The 'fix' I have for this is that we now have our own base policy, that is
simply the 'targeted' policy with the appropriate ports removed from
hplip_port_t. Which is a giant pain, as we now have to re-compile our base
policy, updated to the new source, whenever there's an SELinux update.

Is there a better way to override a port that's defined in the base policy,
or is providing a different base policy the way to go?

(Changing the port for our software is a non-option at this point,
unfortunately.)