change Selinux context in %post?
Daniel J Walsh
dwalsh at redhat.com
Tue Feb 11 15:43:16 UTC 2014
On 02/06/2014 12:44 PM, Richard Shaw wrote:
> On Thu, Feb 6, 2014 at 11:37 AM, Daniel J Walsh <dwalsh at redhat.com> wrote:
>
> On 02/06/2014 02:39 PM, Richard Shaw wrote:
>> On Thu, Feb 6, 2014 at 2:49 AM, Miroslav Suchý <msuchy at redhat.com> wrote:
>>
>>> On 02/05/2014 08:24 PM, Richard Shaw wrote:
>>>
>>>> Are there official guidelines on how to handle selinux contexts in
>>>> packaging? I can still only find the draft which seems way more
>>>> complicated than necessary for my needs.
>>>>
>>>> I'm working on a package that uses mongodb internally (runs its own
>>>> instance). Selinux is complaining because it has mongodb creating
>>>> the database (and logs) outside of the normal locations
> You need to tell SELinux about the labels.
>
> semanage fcontext -e /var/lib/mysql PATHTO/mysql
> restorecon -R -v PATHTO/mysql
>
> Is probably what you want.
>
>
> Ok, I ended up getting to the same place using "-a mongod_var_lib_t"... Now
> how to turn that into a policy I can package?
>
> I ended up with this as the requirements to create a functional package:
>
> /var/lib/unifi/logs(/.*)? system_u:object_r:mongod_var_lib_t:s0
> /var/lib/unifi/data(/.*)? system_u:object_r:mongod_var_lib_t:s0
> portcon tcp 27117 system_u:object_r:mongod_port_t:s0
>
> Thanks, Richard
>
>
Most likely the better solution would have been
/var/lib/unifi/logs(/.*)? system_u:object_r:mongod_log_t:s0
Should these go into Fedora Policy?
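Added example, not part of the original message or of any Fedora tooling: a shell helper that turns the file-context and portcon lines quoted in the thread into the `semanage` and `restorecon` commands a `%post` scriptlet could run. The function names, and the choice to print the commands instead of executing them, are assumptions of this example; the logs directory uses `mongod_log_t` as suggested in the reply.

```shell
#!/bin/sh
# Constructed sample input: the three policy lines from the thread.
POLICY_LINES='/var/lib/unifi/logs(/.*)? system_u:object_r:mongod_log_t:s0
/var/lib/unifi/data(/.*)? system_u:object_r:mongod_var_lib_t:s0
portcon tcp 27117 system_u:object_r:mongod_port_t:s0'

# Print the type (third field) of a user:role:type:level context.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read policy lines on stdin and print one command per line.
# Returns 1 on a line that is neither a file context nor a portcon.
policy_to_commands() {
    restore_paths=''
    suffix='(/.*)?'
    while read -r f1 f2 f3 f4 rest; do
        case "$f1" in
            ''|'#'*) continue ;;
            portcon)
                # portcon <proto> <port or range> <context>
                [ -n "$f4" ] && [ -z "$rest" ] || return 1
                case "$f3" in *[!0-9-]*) return 1 ;; esac
                printf 'semanage port -a -t %s -p %s %s\n' \
                    "$(context_type "$f4")" "$f2" "$f3"
                ;;
            /*)
                # <path regex> <context>
                [ -n "$f2" ] && [ -z "$f3" ] || return 1
                printf "semanage fcontext -a -t %s '%s'\n" \
                    "$(context_type "$f2")" "$f1"
                # Relabel the directory itself, without the regex suffix.
                base=${f1%"$suffix"}
                restore_paths="$restore_paths $base"
                ;;
            *) return 1 ;;
        esac
    done
    [ -n "$restore_paths" ] && printf 'restorecon -R -v%s\n' "$restore_paths"
    return 0
}

printf '%s\n' "$POLICY_LINES" | policy_to_commands
```

On a package upgrade the rules already exist and `semanage ... -a` reports an error, so scriptlets that run these commands need to tolerate that failure.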