[Spacewalk-list] selinux policy file for spacewalk setup step on centos
Sean Allin
allins at spawar.navy.mil
Tue Jun 24 22:30:35 UTC 2008
I built this selinux module for the spacewalk-setup --disconnected step. Hope it's of use.
module spacewalk 1.0;
require {
type unconfined_t;
type lib_t;
type var_log_t;
type httpd_t;
type etc_t;
type initrc_t;
type java_t;
class process { execstack execmem execheap };
class file { execute execute_no_trans execmod ioctl append };
}
#============= httpd_t ==============
allow httpd_t etc_t:file { execute execute_no_trans };
allow httpd_t self:process { execstack execmem execheap };
allow httpd_t var_log_t:file { ioctl append };
#============= initrc_t ==============
allow initrc_t lib_t:file execmod;
#============= java_t ==============
allow java_t lib_t:file execmod;
#============= unconfined_t ==============
allow unconfined_t lib_t:file execmod;
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4032 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20080624/9cd15718/attachment.bin>
More information about the Spacewalk-list
mailing list