Is there a SELinux tutorial for ISVs?

Davide Bolcioni db-fedora at 3di.it
Thu Apr 28 14:33:27 UTC 2005


Mike Hearn wrote:

> You can review their sources.

I meant programmatically but never mind, I got the message that we're not
quite there yet.

> OK. What exactly broke your app? Targeted isn't supposed to interfere
> with most programs (except that sometimes that doesn't seem to be the
> case, I'm still researching this too!). So you should be able to ignore
> that. It may be that the shlib_textrel_t thing got you, so far that's the
> only part of targeted I know about which isn't actually backwards
> compatible.

The app is a Web application which includes a proprietary CGI executable,
but in the targeted policy only appropriately-labeled CGI get run. 
Having the CGI not sit in cgi-bin probably adds to the pain, I guess. I 
found out how to disable SELinux protection for Apache, but that kind of 
defeats the purpose and does not help customer relationships.

> Until binary policy is implemented though I am not sure you can ship
> policy in RPMs. It has to be in the central policy as a patch and you can
> then mark the files with the right contexts. You (hopefully) shouldn't
> need any custom policy though.

Another message suggested that FC5 is likely to be the target for the 
stuff I am grasping at.

Thank you for your consideration,
Davide Bolcioni
-- 
There is no place like /home.



