author | Alan Conway <aconway@apache.org> | 2010-07-21 16:37:04 +0000 |
committer | Alan Conway <aconway@apache.org> | 2010-07-21 16:37:04 +0000 |
commit | b88ea955f6d293c8471de57f80e3dbe86d8f354a (patch) | |
tree | 06dffeee1b3acf4d7e77374ecd4bdb26cf001d5a /cpp | |
parent | 07e2da7a5d9cc0e737bb9f820fcaf58544242269 (diff) | |
download | qpid-python-b88ea955f6d293c8471de57f80e3dbe86d8f354a.tar.gz |
Added selinux policy so developers can run cluster tests with enforcing=1
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@966302 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'cpp')
-rw-r--r-- | cpp/etc/selinux/qpidd.te | 10 | ||||
-rw-r--r-- | cpp/etc/selinux/qpiddevel.te | 23 |
2 files changed, 30 insertions, 3 deletions
diff --git a/cpp/etc/selinux/qpidd.te b/cpp/etc/selinux/qpidd.te
index 92ff3043bd..322645531e 100644
--- a/cpp/etc/selinux/qpidd.te
+++ b/cpp/etc/selinux/qpidd.te
@@ -1,6 +1,10 @@
-# selinux policy needed to run a qpid cluster with selinux in enforcing mode.
-# To build the compiled .pp file in this directory do:
-# make -f /usr/share/selinux/devel/Makefile
+# selinux policy needed to run the qpidd service with clustering
+# enabled and selinux in enforcing mode.
+#
+# To build the qpid.pp module in this directory do:
+# sudo make -f /usr/share/selinux/devel/Makefile
+# To install the compiled qpidd.pp
+# sudo semodule -i qpidd.pp
 policy_module(qpidd, 1.1)
 require {
diff --git a/cpp/etc/selinux/qpiddevel.te b/cpp/etc/selinux/qpiddevel.te
new file mode 100644
index 0000000000..092b9fc203
--- /dev/null
+++ b/cpp/etc/selinux/qpiddevel.te
@@ -0,0 +1,23 @@
+# selinux policy for qpid developers.
+# If you have configured a qpid source tree with cluster support, you will need
+# this policy to run the make check tests with with selinux in enforcing mode.
+#
+# To build the qpid.pp module in this directory do:
+# sudo make -f /usr/share/selinux/devel/Makefile
+# To install the compiled qpiddevel.pp
+# sudo semodule -i qpiddevel.pp
+
+module qpiddevel 1.0;
+
+require {
+ type unconfined_t;
+ type aisexec_t;
+ class capability sys_admin;
+ class sem { write unix_read unix_write associate read destroy };
+ class shm { unix_read write unix_write associate read destroy };
+}
+
+#============= aisexec_t ==============
+allow aisexec_t self:capability sys_admin;
+allow aisexec_t unconfined_t:sem { write unix_read unix_write associate read destroy };
+allow aisexec_t unconfined_t:shm { unix_read write unix_write associate read destroy };
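Review bot: The build instruction added to the qpidd.te header, `# To build the qpid.pp module in this directory do:`, names a file this module does not produce: the module is declared `policy_module(qpidd, 1.1)`, so the devel Makefile emits qpidd.pp, which is the name the install line two lines below already uses; change it to `# To build the qpidd.pp module in this directory do:`. The same mismatch is in the header of the new cpp/etc/selinux/qpiddevel.te hunk, where the module is qpiddevel and its install line says qpiddevel.pp, and that header also doubles a word in `with with selinux`. Building the module is unlikely to need root — `sudo` is needed for `semodule -i`, not for the `make` step — so the `sudo make` line may mislead, though that depends on where the tree is writable. The `require {` block that closes this hunk continues outside it.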
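Review bot: The three `allow aisexec_t ...` rules, in particular `allow aisexec_t self:capability sys_admin;`, widen the aisexec_t domain without a comment saying which test operation was denied, so a later maintainer cannot tell whether the grant can be narrowed (for example to fewer sem/shm permissions) or dropped once the underlying need goes away. Suggest a comment above the `#============= aisexec_t ==============` banner naming the denial the rules were derived from and stating that the module is meant for developer machines running `make check` only, not for a deployed broker, and is removed with `semodule -r qpiddevel`. The sem/shm rules target objects labelled unconfined_t, presumably because the test processes run unconfined; if the tests are ever run from a confined domain these rules will not apply, which is worth saying in the header. Stylistically, this file uses the raw `module qpiddevel 1.0;` form while qpidd.te uses `policy_module(qpidd, 1.1)`; using the same form in both would keep the two modules built and versioned the same way.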