[Spacewalk-list] selinux policy file for spacewalk setup step on centos

Stephen John Smoogen smooge at gmail.com
Tue Jun 24 22:35:57 UTC 2008


Thanks for the datapoint. I haven't gotten spacewalk up to test that,
but it is appreciated.

On Tue, Jun 24, 2008 at 4:30 PM, Sean Allin <allins at spawar.navy.mil> wrote:
> I built this selinux module for the spacewalk-setup --disconnected step.
> Hope it's of use.
>
>
> module spacewalk 1.0;
>
> require {
>        type unconfined_t;
>        type lib_t;
>        type var_log_t;
>        type httpd_t;
>        type etc_t;
>        type initrc_t;
>        type java_t;
>        class process { execstack execmem execheap };
>        class file { execute execute_no_trans execmod ioctl append };
> }
>
> #============= httpd_t ==============
> allow httpd_t etc_t:file { execute execute_no_trans };
> allow httpd_t self:process { execstack execmem execheap };
> allow httpd_t var_log_t:file { ioctl append };
>
> #============= initrc_t ==============
> allow initrc_t lib_t:file execmod;
>
> #============= java_t ==============
> allow java_t lib_t:file execmod;
>
> #============= unconfined_t ==============
> allow unconfined_t lib_t:file execmod;
>
>



-- 
Stephen J Smoogen. -- BSD/GNU/Linux
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"
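
An added example, not part of either message above: a small Python check that parses the quoted module and lists the allow rules granting execstack, execmem, execheap or execmod, the permissions that relax SELinux's memory-execution protections and are worth reviewing before a module like this is loaded. The function and variable names are hypothetical.

```python
import re

# Module text from the quoted message above (quote markers and blank lines removed).
MODULE = """\
module spacewalk 1.0;
require {
       type unconfined_t;
       type lib_t;
       type var_log_t;
       type httpd_t;
       type etc_t;
       type initrc_t;
       type java_t;
       class process { execstack execmem execheap };
       class file { execute execute_no_trans execmod ioctl append };
}
#============= httpd_t ==============
allow httpd_t etc_t:file { execute execute_no_trans };
allow httpd_t self:process { execstack execmem execheap };
allow httpd_t var_log_t:file { ioctl append };
#============= initrc_t ==============
allow initrc_t lib_t:file execmod;
#============= java_t ==============
allow java_t lib_t:file execmod;
#============= unconfined_t ==============
allow unconfined_t lib_t:file execmod;
"""

# Permissions that let a domain execute writable or modified memory, per object class.
MEMORY_PERMS = {"process": {"execstack", "execmem", "execheap"}, "file": {"execmod"}}
ALLOW_RE = re.compile(
    r"^\s*allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+(\{[^}]*\}|\w+)\s*;", re.M)

def parse_allow_rules(text):
    """Return (source, target, class, perms) for every allow rule in a .te file."""
    text = re.sub(r"#.*", "", text)  # drop comments such as the section banners
    return [(src, tgt, cls, set(perms.strip("{}").split()))
            for src, tgt, cls, perms in ALLOW_RE.findall(text)]

def memory_exec_findings(text):
    """Return the allow rules that grant any memory-execution permission."""
    findings = []
    for src, tgt, cls, perms in parse_allow_rules(text):
        risky = perms & MEMORY_PERMS.get(cls, set())
        if risky:
            findings.append((src, tgt, cls, sorted(risky)))
    return findings

if __name__ == "__main__":
    for src, tgt, cls, perms in memory_exec_findings(MODULE):
        print(f"review: allow {src} {tgt}:{cls} {{ {' '.join(perms)} }};")
```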



