SELinux and Shorewall with IPSets
Dominick Grift
domg472 at gmail.com
Sun Jun 27 12:44:58 UTC 2010
On 06/27/2010 02:37 PM, Mr Dash Four wrote:
> Two questions to the SELinux gurus on here: 1) Why am I getting these
> alerts? and 2) How can I fix the problem so that I could run both
> Shorewall and IPSets with SELinux in Enforced mode?
1) probably untested functionality.
2) The following should fix it:
mkdir ~/myshorewall; cd ~/myshorewall;
echo "policy_module(myshorewall, 1.0.0)" > myshorewall.te;
echo "optional_policy(\`" >> myshorewall.te;
echo "gen_require(\`" >> myshorewall.te;
echo "type shorewall_t;" >> myshorewall.te;
echo "')" >> myshorewall.te;
echo "allow shorewall_t self:rawip_socket create_socket_perms;" >> myshorewall.te;
echo "')" >> myshorewall.te;
make -f /usr/share/selinux/devel/Makefile myshorewall.pp
sudo semodule -i myshorewall.pp
> This is important for me as this is a production server and a lot of
> stuff runs on it and needs to be available 24/7.
>
> Many thanks in advance!
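Added example (not part of the original message or of the Shorewall/SELinux projects): a small shell check that reads AVC denials and lists any shorewall_t denial the rule in myshorewall.te would not cover, which is useful to run before and after loading the module on a production host. The expansion of create_socket_perms and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# ASSUMPTION: create_socket_perms expands as in the reference policy's
# obj_perm_sets.spt; verify against the policy sources on your system.
COVERED="create ioctl read getattr write setattr append bind connect getopt setopt shutdown"

# Reads audit log lines on stdin and prints "tclass:perm" for every
# shorewall_t denial that the self:rawip_socket rule would NOT allow.
uncovered_denials() {
    awk -v covered="$COVERED" '
    BEGIN { n = split(covered, c, " "); for (i = 1; i <= n; i++) ok[c[i]] = 1 }
    /avc: +denied/ {
        stype = ttype = tclass = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/) { split($i, a, ":"); stype = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); ttype = a[3] }
            if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
        }
        if (stype != "shorewall_t") next
        inperm = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "{") { inperm = 1; continue }
            if ($i == "}") { inperm = 0; continue }
            if (!inperm) continue
            # "self" in the rule: source and target type must both match
            if (tclass != "rawip_socket" || ttype != stype || !($i in ok))
                print tclass ":" $i
        }
    }'
}

# Constructed sample denials (not taken from the original thread); the
# last one is made up to show a denial the rule does not address.
SAMPLE='type=AVC msg=audit(1277642698.101:51): avc:  denied  { create } for  pid=2101 comm="ipset" scontext=system_u:system_r:shorewall_t:s0 tcontext=system_u:system_r:shorewall_t:s0 tclass=rawip_socket
type=AVC msg=audit(1277642698.102:52): avc:  denied  { getopt setopt } for  pid=2101 comm="ipset" scontext=system_u:system_r:shorewall_t:s0 tcontext=system_u:system_r:shorewall_t:s0 tclass=rawip_socket
type=AVC msg=audit(1277642698.103:53): avc:  denied  { net_raw } for  pid=2101 comm="ipset" capability=13 scontext=system_u:system_r:shorewall_t:s0 tcontext=system_u:system_r:shorewall_t:s0 tclass=capability'

printf '%s\n' "$SAMPLE" | uncovered_denials
```

On a live system the same function can be fed from `ausearch -m avc -ts recent` instead of the sample; empty output means every shorewall_t denial seen is one this rule addresses.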