SELinux Module Packaging in FC5

Paul Howarth paul at city-fan.org
Tue Mar 14 10:29:29 UTC 2006


Is there any documentation anywhere on including SELinux Policy Modules 
in packages (e.g. for Extras) in FC5? For instance, is there a directory 
where modules can be dropped into so that they get picked up 
automatically? Where should they live?

Consider an example. I have an LDAP-backed addressbook frontend written 
in PHP that runs on Apache. So I install the files in /var/www/someplace 
in my package and I need to provide an SELinux module that:

* Includes the appropriate file contexts for the application's cache 
directory, which needs to be writable by httpd
* Gives httpd permission to contact LDAP servers over the network (i.e. 
ports 389 and 636)

Is it possible to turn on the httpd_builtin_scripting boolean from a 
module (the app is written in PHP and needs this)? Is it even sensible 
to try to do this, or should there just be a README.SELinux telling people they 
need to do this themselves?

Should the module be loaded in a %post script?

Some guidelines would no doubt be appreciated by many people.

Paul.



