[colug-432] SELinux Policy Question

Chris Clonch chris at theclonchs.com
Thu Feb 12 17:01:31 EST 2015


>   * Re-write the base policy, but remember an rpm update will wipe out
> your changes.

I want to stick with the modular layout, so this is out.

>   * Extend the base policy to allow your app to access the ports owned
> by another policy.  Audit2allow should help with that.  Then add the
> other ports using semanage.

Local policy seems the best route.  Can ports be defined in the policy 
so semanage can be avoided?  The application will be running under the 
httpd_port_t context, so really I just need the local policy to include 
the ports.  My hope is I can and it will override the ports labeled with 
the contexts defined at the base...

>   * Run your service unconfined.

Not an option.
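An added example, not part of the original post: the quoted suggestion to add the other ports using semanage hinges on whether a port already has a label from another policy, since `semanage port -a` refuses a port that is already defined and `semanage port -m` is needed instead. The sketch below picks the right command from `semanage port -l` output; the sample listing, the function names and the port numbers are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `semanage port -l` output (not taken from the post).
SAMPLE_PORTS='SELinux Port Type              Proto    Port Number

http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
ssh_port_t                     tcp      22'

# port_owner LISTING PROTO PORT
# Prints the type whose row lists exactly PORT (a single port or a range
# written as LOW-HIGH) for PROTO, or nothing when no row defines it.
# Only exact entries count: a port that merely falls inside a listed range
# is treated as not yet defined on its own.
port_owner() {
    printf '%s\n' "$1" | awk -v proto="$2" -v port="$3" '
        $2 == proto {
            # Rejoin the comma-separated port list after the protocol column.
            list = ""
            for (i = 3; i <= NF; i++) list = list $i
            n = split(list, items, ",")
            for (j = 1; j <= n; j++)
                if ((items[j] "") == (port "")) { print $1; exit }
        }'
}

# plan_port_label LISTING TYPE PROTO PORT
# Prints the semanage command that would give PROTO/PORT the label TYPE.
plan_port_label() {
    owner=$(port_owner "$1" "$3" "$4")
    if [ -z "$owner" ]; then
        echo "semanage port -a -t $2 -p $3 $4"   # not defined yet: add
    elif [ "$owner" = "$2" ]; then
        echo "# $3/$4 is already $2"             # nothing to change
    else
        echo "semanage port -m -t $2 -p $3 $4"   # defined by $owner: modify
    fi
}

# Demonstration on the constructed listing.
plan_port_label "$SAMPLE_PORTS" http_port_t tcp 8080
```

On a live system, pass "$(semanage port -l)" as the first argument instead of the constructed listing.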

