[CentOS] selinux-policy-targeted-sources and CentOS 5?
Paul Heinlein
heinlein at madboa.com
Wed May 16 20:57:07 UTC 2007
On Wed, 16 May 2007, Jiann-Ming Su wrote:
> What is the equivalent "selinux-policy-targeted-sources" package in
> CentOS 5? It was available in 4.4. Thanks for any help.

Funny, I just asked myself that this morning.

Reading the RHEL 5 manual (Chapter 45. Customizing SELinux Policy), I
came to the conclusion that semanage, semodule, and audit2allow are the
newly blessed toolset.

I needed to allow dhcpd to bind to a port (1820/1821 in my case) for
failover, but that binding is verboten in the standard targeted
policy. I took a look at the audit.log to see what entries were of
interest (they all contained src=1820 or src=1821), and passed those
entries to audit2allow, asking it to create a policy called
"dhcpfailover." I looked at the resulting dhcpfailover.te file to make
sure it looked something like I expected, and then used semodule to
install and activate the policy revision. I.e.,

  grep 'src=182[01]' /var/log/audit/audit.log | audit2allow -M dhcpfailover
  $PAGER dhcpfailover.te
  semodule -i dhcpfailover.pp

--
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
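
Added example (not part of the original message): a shell function that summarises which AVC denials would be handed to audit2allow, so the generated module can be checked against what was intended before semodule installs it. The log lines are constructed, and the names sample_log and avc_summary and their arguments are assumptions; the filter matches the port and comm exactly, whereas a substring match on src=1820 also matches src=18200.

```shell
#!/bin/sh
# Added example: review AVC denials before piping them to audit2allow.

# Constructed sample audit.log lines (not from a real system).
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1179348001.101:40): avc:  denied  { name_bind } for  pid=2345 comm="dhcpd" src=1820 scontext=root:system_r:dhcpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1179348001.102:41): avc:  denied  { name_bind } for  pid=2345 comm="dhcpd" src=1821 scontext=root:system_r:dhcpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1179348002.200:42): avc:  denied  { name_bind } for  pid=2345 comm="dhcpd" src=1820 scontext=root:system_r:dhcpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1179348003.300:43): avc:  denied  { name_bind } for  pid=3111 comm="httpd" src=18200 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1179348001.101:40): arch=40000003 syscall=102 success=no exit=-13 comm="dhcpd" exe="/usr/sbin/dhcpd"
EOF
}

# avc_summary PORTS COMM
# Reads audit lines on stdin. PORTS is a comma-separated list, COMM the
# expected process name. Prints "count source_type target_type:class
# { perms } src=port" for each distinct denial that matches exactly.
avc_summary() {
  awk -v ports="$1" -v comm="$2" '
    BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    /^type=AVC / && / denied / {
      c = s = t = k = port = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^comm=/)     { c = $i; gsub(/^comm=|"/, "", c) }
        if ($i ~ /^src=/)      port = substr($i, 5)
        if ($i ~ /^scontext=/) { split($i, a, ":"); s = a[3] }
        if ($i ~ /^tcontext=/) { split($i, a, ":"); t = a[3] }
        if ($i ~ /^tclass=/)   k = substr($i, 8)
      }
      # Exact match on process name and port; skip everything else.
      if (c != comm || !(port in want)) next
      # Permission list is the text between "{ " and " }".
      b = index($0, "{ "); e = index($0, " }")
      perms = substr($0, b + 2, e - b - 2)
      seen[s " " t ":" k " { " perms " } src=" port]++
    }
    END { for (r in seen) print seen[r], r }
  ' | sort -k2
}

# Stand-alone run on the constructed sample.
sample_log | avc_summary 1820,1821 dhcpd
```

On a real system, feed it /var/log/audit/audit.log in place of sample_log and compare the summary with the allow rules in the generated .te file.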