On Tue, 2015-08-04 at 08:44 +0930, William Brown wrote:
> >
> What OS do you use? On Fedora, mod_selinux comes with own SELinux policy
> where it is allowed.
I'm doing this on RHEL7, as I would like to get mod_selinux into EPEL.
I think this is the issue:
semodule -i BUILD/mod_selinux-2.4.4/mod_selinux.targeted.pp
libsepol.print_missing_requirements: mod_selinux's global requirements were not
met: type/attribute httpd_user_script_ro_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or
directory).
semodule: Failed!
So maybe there are some types in the mod_selinux policy module that don't exist
yet in RHEL7, so as a result, the post install semodule -i is failing.
Not really sure what the best course of action is. The upstream appears to be
dead so I can't report it there.
Would it be better to make a mod_selinux.centos.te and a mod_selinux.fedora.te
that accommodates these differences? Or to put httpd_user_script_ro_t into
RHEL7?
--
William Brown <william(a)blackhats.net.au>