On 06/27/2010 02:37 PM, Mr Dash Four wrote:
Two questions to the SELinux gurus on here: 1) Why am I getting these
alerts? and 2) How can I fix the problem so that I could run both
Shorewall and IPSets with SELinux in Enforced mode?
1) probably untested functionality.
2) The following should fix it:
mkdir ~/myshorewall; cd ~/myshorewall;
echo "policy_module(myshorewall, 1.0.0)" > myshorewall.te;
echo "optional_policy(\`" >> myshorewall.te;
echo "gen_require(\`" >> myshorewall.te;
echo "type shorewall_t;" >> myshorewall.te;
echo "')" >> myshorewall.te;
echo "allow shorewall_t self:rawip_socket create_socket_perms;" >>
myshorewall.te;
echo "')" >> myshorewall.te;
make -f /usr/share/selinux/devel/Makefile myshorewall.pp
sudo semodule -i myshorewall.pp
This is important for me as this is a production server and a lot of
stuff runs on it and needs to be available 24/7.
Many thanks in advance!
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux