enabling selinux
Colin Walters
walters at redhat.com
Thu Dec 9 22:35:42 UTC 2004
On Thu, 2004-12-09 at 14:52 -0600, Steven Pritchard wrote:
> Excuse me for a stupid selinux question...
>
> Is there something I have to do when packaging a daemon to make
> selinux policy apply to it?
Nothing in the daemon RPM itself; but you should make sure that your
file locations, etc. conform to the shipped policy.
> I have an OpenVPN package in the fedora.us QA queue
> (https://bugzilla.fedora.us/show_bug.cgi?id=1531). I noticed that
> selinux-policy-targeted-sources includes a file openvpn.fc, but I have
> no idea how to connect the dots to make it all work...
There is an openvpn.te; it's just not shipped in
selinux-policy-targeted-sources. The spec file does:
for i in apache.te dhcpd.te ldconfig.te mailman.te mysqld.te mta.te named.te nscd.te ntpd.te portmap.te postgresql.te snmpd.te squid.te syslogd.te ypbind.te; do
mv domains/program/unused/$i domains/program/
If you just add openvpn.te to that it should work. BTW, I wrote
openvpn.te very quickly while I was experimenting with VPN software a
while ago; it's only been lightly tested :)
More information about the devel
mailing list