[CentOS] selinux-policy-targeted-sources and CentOS 5?

Paul Heinlein heinlein at madboa.com
Wed May 16 20:57:07 UTC 2007


On Wed, 16 May 2007, Jiann-Ming Su wrote:

> What is the equivalent "selinux-policy-targeted-sources" package in 
> CentOS 5?  It was available in 4.4.  Thanks for any help.

Funny, I just asked myself that this morning.

Reading the RHEL 5 manual (Chapter 45. Customizing SELinux Policy), I 
came to the conclusion that semanage, semodule, and audit2allow are the 
newly blessed toolset.

I needed to allow dhcpd to bind to a port (1820/1821 in my case) for 
failover, but that binding is verboten in the standard targeted 
policy. I took a look at the audit.log to see what entries were of 
interest (they all contained src=1820 or src=1821), and passed those 
entries to audit2allow, asking it to create a policy called 
"dhcpfailover." I looked at the resulting dhcpfailover.te file to make 
sure it looked something like I expected, and then used semodule to 
install and activate the policy revision. I.e.,

grep 'src=182[01]' /var/log/audit/audit.log | audit2allow -M dhcpfailover
$PAGER dhcpfailover.te
semodule -i dhcpfailover.pp

-- 
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
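
An added example, not part of the original post: the pattern src=182[01] also matches longer port numbers such as 18200 and denials from any domain, so this sketch narrows the records to exact ports and one source domain, then summarizes what they ask for before anything reaches audit2allow. The audit records are constructed samples and the function names are hypothetical.

```sh
#!/bin/sh
# Constructed sample audit records (illustrative, not from a real system).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1179348000.101:41): avc:  denied  { name_bind } for  pid=2101 comm="dhcpd" src=1820 scontext=root:system_r:dhcpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1179348000.102:42): avc:  denied  { name_bind } for  pid=2101 comm="dhcpd" src=1821 scontext=root:system_r:dhcpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1179348001.200:43): avc:  denied  { name_bind } for  pid=3300 comm="httpd" src=18200 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1179348002.300:44): avc:  denied  { read } for  pid=2101 comm="dhcpd" name="dhcpd.conf" dev=dm-0 ino=1234 scontext=root:system_r:dhcpd_t:s0 tcontext=root:object_r:etc_t:s0 tclass=file
EOF
}

# Keep only AVC denials whose src= is exactly one of the given ports and
# whose source domain (third field of scontext) is the expected one.
filter_denials() {  # usage: filter_denials DOMAIN PORT...
    domain=$1; shift
    awk -v domain="$domain" -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "type=AVC" && /denied/ {
            src = ""; sdom = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^src=/) src = substr($i, 5)
                if ($i ~ /^scontext=/) { split(substr($i, 10), c, ":"); sdom = c[3] }
            }
            if ((src in want) && sdom == domain) print
        }'
}

# Group records as "source -> target:class { perms } xCOUNT" for review.
summarize_denials() {
    awk '{
        perm = ""; s = ""; t = ""; cls = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "{")
                for (j = i + 1; j <= NF && $j != "}"; j++) perm = perm " " $j
            if ($i ~ /^scontext=/) { split(substr($i, 10), c, ":"); s = c[3] }
            if ($i ~ /^tcontext=/) { split(substr($i, 10), c, ":"); t = c[3] }
            if ($i ~ /^tclass=/) cls = substr($i, 8)
        }
        count[s " -> " t ":" cls " {" perm " }"]++
    }
    END { for (k in count) print k " x" count[k] }' | sort
}

# Demo on the constructed records.
sample_audit_log | filter_denials dhcpd_t 1820 1821 | summarize_denials
```

On a real system the output of filter_denials, fed from /var/log/audit/audit.log, would be piped to audit2allow -M dhcpfailover in place of the raw grep output.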


