<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Regards, Lauren, you can see here to Dominick Grift explaining how
to make all this work.<br>
Best wishes<br>
<br>
On 06/29/2011 12:58 PM, Dominick Grift wrote:
<blockquote cite="mid:1309366730.3643.2.camel@localhost.localdomain"
type="cite">
<pre wrap="">On Thu, 2011-06-30 at 00:20 +0800, Michael Milverton wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi,
I'm in the process of writing a policy for couchdb (nosql database). I'm
using the selinux-polgengui and eclipse slide tools to help. I've hit a road
block because it won't start but I'm not getting any more AVC's. I'm
wondering if anybody might be able to offer some clue about getting more
AVC's from it because if it won't talk to me I can't get much further.
</pre>
</blockquote>
<pre wrap="">
Hi,
Could you try the policy template enclosed and provide any avc denials
that you will be seeing when it is tested?
steps to test:
1. put the couchdb.{te,fc} files in a project directory for example
~/couchdb
2. change to this project directory for example cd ~/couchdb
3. try to build the policy: make -f /usr/share/selinux/devel/Makefile
couchdb.pp
4. if it builds, try to install the binary representation of the policy
module: sudo semodule -i couchdb.pp
5. restore the context of each patch specified in the file context
specification file. for example:
restorecon -R -v /etc/couchdb
restorecon -R -v /etc/rc.d/init.d/couchdb
restorecon -R -v /var/lib/couchdb
restorecon -R -v /var/log/couchdb
restorecon -R -v /var/run/couchdb
restorecon -R -v /etc/sysconfig/couchdb
restorecon -R -v /usr/bin/couchdb
5. for testing purposes set selinux to permissive mode if possible:
setenforce 0
6. unload any rules that silently deny access (note this will cause much
logging and may upset setroubelshoot if you have it running):
semodule -DB
7. make a note of the current system time: date
8. start the couchdb service (service couchdb start)
9. collect all the avc denials that occured since you have noted the
current system time: example: ausearch -m avc -ts 18:52
enclose the full list of avc denials.
Attachements:
couchdb.fc
<a class="moz-txt-link-freetext" href="http://pastebin.com/3QP4ecFP">http://pastebin.com/3QP4ecFP</a>
couchdb.te
<a class="moz-txt-link-freetext" href="http://pastebin.com/VtxP7YnN">http://pastebin.com/VtxP7YnN</a>
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Marcos Luis Ortíz Valmaseda
Sr. Software Engineer (UCI)
<a class="moz-txt-link-freetext" href="http://marcosluis2186.posterous.com">http://marcosluis2186.posterous.com</a>
<a class="moz-txt-link-freetext" href="http://postgresql.uci.cu/blog/38">http://postgresql.uci.cu/blog/38</a> </pre>
<br>
<html>
<body>
<a href="http://www.antiterroristas.cu/">
<img src="http://cincoheroes.uci.cu/cinco.gif" alft="Para mas informacion consultar \n
http://wwww.antiterroristas.cu y http://justiciaparaloscinco.wordpress.com" width="792" height="52" />
</body>
</html>
<br>
</body>
</html>