On 03/08/2012 09:23 PM, Marcos Ortiz wrote:
Regards, Lauren, you can see here Dominick Grift explaining how
to make all this work. Best wishes
On 06/29/2011 12:58 PM, Dominick Grift wrote:
> On Thu, 2011-06-30 at 00:20 +0800, Michael Milverton wrote:
>> Hi,
>>
>> I'm in the process of writing a policy for couchdb (nosql
>> database). I'm using the selinux-polgengui and eclipse slide
>> tools to help. I've hit a road block because it won't start but
>> I'm not getting any more AVC's. I'm wondering if anybody might
>> be able to offer some clue about getting more AVC's from it
>> because if it won't talk to me I can't get much further.
> Hi,
>
> Could you try the policy template enclosed and provide any avc
> denials that you will be seeing when it is tested?
>
> steps to test:
>
> 1. put the couchdb.{te,fc} files in a project directory for
> example ~/couchdb
>
> 2. change to this project directory for example cd ~/couchdb
>
> 3. try to build the policy:
> make -f /usr/share/selinux/devel/Makefile couchdb.pp
>
> 4. if it builds, try to install the binary representation of the
> policy module: sudo semodule -i couchdb.pp
>
> 5. restore the context of each path specified in the file
> context specification file. for example:
>
> restorecon -R -v /etc/couchdb
> restorecon -R -v /etc/rc.d/init.d/couchdb
> restorecon -R -v /var/lib/couchdb
> restorecon -R -v /var/log/couchdb
> restorecon -R -v /var/run/couchdb
> restorecon -R -v /etc/sysconfig/couchdb
> restorecon -R -v /usr/bin/couchdb
>
> 5. for testing purposes set selinux to permissive mode if
> possible: setenforce 0
>
> 6. unload any rules that silently deny access (note this will
> cause much logging and may upset setroubleshoot if you have it
> running):
>
> semodule -DB
>
> 7. make a note of the current system time: date
>
> 8. start the couchdb service (service couchdb start)
>
> 9. collect all the avc denials that occurred since you have noted
> the current system time: example: ausearch -m avc -ts 18:52
>
> enclose the full list of avc denials.
>
> Attachments:
>
> couchdb.fc http://pastebin.com/3QP4ecFP
>
> couchdb.te http://pastebin.com/VtxP7YnN
>
>
>
-- Marcos Luis Ortíz Valmaseda Sr. Software Engineer (UCI)
http://marcosluis2186.posterous.com
http://postgresql.uci.cu/blog/38
-- selinux mailing list selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
Does a complete policy exist for couchdb? I would like to put one in
for Fedora 17. Although I currently cannot install it.
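
A reading aid for step 9 of the quoted procedure, added here as an example and not written by anyone in this thread: it condenses `ausearch -m avc` output into one line per source type, target type and class, so a long permissive-mode run is easier to review before posting the full denials. The sample records and the `couchdb_t` type name are constructed assumptions; it does not replace audit2allow.

```shell
#!/bin/sh
# Summarise AVC denials from `ausearch -m avc` output: one line per
# (source type, target type, class) with the union of denied permissions.
summarize_avc() {
    awk '
    /avc:/ && /denied/ {
        perms = ""; st = ""; tt = ""; cls = ""; inperm = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "{") { inperm = 1; continue }
            if ($i == "}") { inperm = 0; continue }
            if (inperm) { perms = perms " " $i; continue }
            # Contexts are user:role:type:level, so the type is field 3.
            if ($i ~ /^scontext=/) { split($i, a, ":"); st = a[3] }
            else if ($i ~ /^tcontext=/) { split($i, a, ":"); tt = a[3] }
            else if ($i ~ /^tclass=/) { cls = substr($i, 8) }
        }
        if (st == "" || tt == "" || cls == "") next   # skip truncated records
        key = st " " tt ":" cls
        n = split(perms, p, " ")
        for (j = 1; j <= n; j++)
            if (!((key, p[j]) in seen)) {
                seen[key, p[j]] = 1
                set[key] = set[key] " " p[j]
            }
    }
    END { for (k in set) printf "allow %s {%s };\n", k, set[k] }
    ' | LC_ALL=C sort
}

# Constructed sample in the ausearch layout; couchdb_t is an assumed type name.
sample_avc() {
    cat <<'EOF'
----
time->Wed Jun 29 18:53:02 2011
type=AVC msg=audit(1309373582.101:301): avc:  denied  { read } for  pid=2101 comm="beam" name="couch.log" dev=dm-0 ino=1311 scontext=system_u:system_r:couchdb_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
----
time->Wed Jun 29 18:53:02 2011
type=AVC msg=audit(1309373582.104:302): avc:  denied  { read write } for  pid=2101 comm="beam" name="couch.log" dev=dm-0 ino=1311 scontext=system_u:system_r:couchdb_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
----
time->Wed Jun 29 18:53:03 2011
type=AVC msg=audit(1309373583.220:303): avc:  denied  { name_bind } for  pid=2101 comm="beam" src=5984 scontext=system_u:system_r:couchdb_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
EOF
}

sample_avc | summarize_avc
```

On a real system the input would come from the command in step 9, for example `ausearch -m avc -ts 18:52 | summarize_avc`.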