Hello, Attached is a SELinux policy for the Fedora Directory Server 1.1.0. It is composed of three parts. * dirsrv - directory server and setup programs * dirsrv-admin - administration server and setup programs * fedora-idm-console - java based console for administration The policies were developed on a CentOS 5.1 with the following packages: fedora-ds-base-1.1.0-3.fc6 fedora-ds-admin-1.1.1-1.fc6 fedora-ds-console-1.1.0-5.fc6 selinux-policy-2.4.6-106.el5_1.3 kernel-2.6.18-53.1.4.el5 I've succesfully tested the policies in targeted and strict mode. The dirsrv-admin policy requires that the apache policy module is loaded. Also run: setsebool -P httpd_enable_cgi on Comment out the following in /usr/sbin/start-ds-admin (line 63-65): if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then SELINUX_CMD="runcon -t unconfined_t --" fi I had trouble with the replication plugin so I haven't been able to do any testing with replication. Any comments are welcome. // Pär Aronsson

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkff0wIACgkQrlYvE4MpobPytQCbBlFzyMaq83N79iPxQTbk/G5k /SkAn2TL7xy7VwL1oDaj62isjxNnqd9O =jUQi -----END PGP SIGNATURE-----