[colug-432] SELinux Policy Question
Chris Clonch
chris at theclonchs.com
Thu Feb 12 17:01:31 EST 2015

> * Re-write the base policy, but remember an rpm update will wipe out
> your changes.

I want to stick with the modular layout, so this is out.

> * Extend the base policy to allow your app to access the ports owned
> by another policy. Audit2allow should help with that. Then add the
> other ports using semanage.

Local policy seems the best route. Can ports be defined in the policy
so semanage can be avoided? The application will be running under the
httpd_port_t context, so really I just need the local policy to include
the ports. My hope is I can and it will override the ports labeled with
the contexts defined at the base...

> * Run your service unconfined.

Not an option.