From: Miroslav Grepl [mailto:mgrepl@redhat.com]
Sent: 29 April 2013 08:58
On 04/26/2013 11:16 AM, Moray Henderson wrote:
> Is there a way to disable a particular module in
> selinux-policy-targeted-3.7.19-195.el6_4.1.noarch.rpm without having
> to modify and rebuild the whole RPM?
>
> Our versions of Ruby and Passenger put things in different places
than
> the ones expected by the SELinux passenger module so we've had to
> remove it and make our own. That meant we missed a RHEL 6.4
> selinux-policy update and ended up with a broken Samba 3.6. If
> there's a way we can go back to using the standard selinux-policy
rpms
> but disable the passenger module, it would be very useful.
>
> --
> selinux mailing list
> selinux(a)lists.fedoraproject.org
>
https://admin.fedoraproject.org/mailman/listinfo/selinux
What issues are you getting? If you have different paths then you
should run in the httpd_t domain. Could you attach AVC msgs which you
are getting? Is there a reason to not use RHEL passenger policy and
just add labeling for your paths?
Regards,
Miroslav
I had developed a policy module for my Rails/Passenger application before there was an
RHEL passenger policy. It creates its own specific types using the httpd interface and it
works. The RHEL module was written for different versions of Ruby, Rails and Passenger:
it expects things in different places, uses different types, and some of the .fc
specifications conflict with mine. This is not a complaint, it's just that different
programmers, working independently and with different goals in mind, will inevitably
design their software in different ways. If I was developing something new then obviously
I would use the RHEL policy and the versions of packages it was designed for. However now
it would take a lot of work to bring my existing policy or application into line with
yours. Since I already have something that works now, I don't think I can face
putting a lot of effort into redesigning it so that it simply still works.
Anyway, thanks Dominick for the "semodule -d" tip - I haven't had a chance
to test it in my installer yet but it looks as if it should do the trick.
Moray.
“To err is human; to purr, feline.”