On Wed, 16 May 2007, Jiann-Ming Su wrote:
> What is the equivalent "selinux-policy-targeted-sources" package in
> CentOS 5? It was available in 4.4. Thanks for any help.

Funny, I just asked myself that this morning.

Reading the RHEL 5 manual (Chapter 45. Customizing SELinux Policy), I
came to the conclusion that semanage, semodule, and audit2allow are the
newly blessed toolset.

I needed to allow dhcpd to bind to a port (1820/1821 in my case) for
failover, but that binding is verboten in the standard targeted
policy. I took a look at the audit.log to see what entries were of
interest (they all contained src=1820 or src=1821), and passed those
entries to audit2allow, asking it to create a policy called
"dhcpfailover." I looked at the resulting dhcpfailover.te file to make
sure it looked something like I expected, and then used semodule to
install and activate the policy revision. I.e.,

  grep 'src=182[01]' /var/log/audit/audit.log | audit2allow -M dhcpfailover
  $PAGER dhcpfailover.te
  semodule -i dhcpfailover.pp

--
Paul Heinlein <> heinlein@xxxxxxxxxx <> http://www.madboa.com/
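
Added example, not part of the original post and not code from the CentOS or Red Hat projects: a scripted version of the "filter the denials, then look at the .te before installing" steps described above. The function names, the sample audit lines and the sample .te contents (including the port_t target type) are constructed for illustration.

```shell
#!/bin/sh
# Constructed audit.log lines (not from a real system).
sample_audit() {
cat <<'EOF'
type=AVC msg=audit(1179300000.101:41): avc:  denied  { name_bind } for  pid=2345 comm="dhcpd" src=1820 scontext=root:system_r:dhcpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1179300000.102:42): avc:  denied  { name_bind } for  pid=2345 comm="dhcpd" src=1821 scontext=root:system_r:dhcpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1179300000.103:43): avc:  denied  { name_bind } for  pid=2345 comm="dhcpd" src=18200 scontext=root:system_r:dhcpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
EOF
}

# Constructed example of what a generated dhcpfailover.te might contain.
sample_te() {
cat <<'EOF'
module dhcpfailover 1.0;
require {
	type dhcpd_t;
	type port_t;
	class tcp_socket name_bind;
}
allow dhcpd_t port_t:tcp_socket name_bind;
EOF
}

# Keep only AVC denials from dhcpd whose source port is exactly 1820 or 1821.
# An unanchored src=182[01] pattern would also pick up src=18200.
filter_dhcpd_denials() {
    grep 'type=AVC' | grep 'comm="dhcpd"' | grep -E 'src=182[01]([^0-9]|$)'
}

# Review gate: print any allow rule that is not a dhcpd_t name_bind rule on a
# tcp/udp socket, and return non-zero if one is found.
review_te() {
    awk '/^[ \t]*allow / &&
         !/^allow dhcpd_t [a-z0-9_]+:(tcp|udp)_socket name_bind;$/ {
             print "unexpected: " $0; bad = 1 }
         END { exit bad + 0 }' "$1"
}

# Demo on the constructed samples. On a real host the same functions wrap the
# commands from the post:
#   filter_dhcpd_denials < /var/log/audit/audit.log | audit2allow -M dhcpfailover
#   review_te dhcpfailover.te && semodule -i dhcpfailover.pp
te=$(mktemp) && sample_te > "$te"
echo "matching denials: $(sample_audit | filter_dhcpd_denials | wc -l)"
review_te "$te" && echo "policy source contains only the expected rule"
rm -f "$te"
```

The gate does not replace reading the .te file; it only stops a module from being installed when the log filter has swept in denials from another domain or for another permission.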