Mike Hearn wrote:
You can review their sources.
I meant programmatically but never mind, I got the message that we're not quite there yet.
OK. What exactly broke your app? Targetted isn't supposed to interfere with most programs (except that sometimes that doesn't seem to be the case, I'm still researching this too!). So you should be able to ignore that. It may be that the shlib_textrel_t thing got you, so far that's the only part of targetted I know about which isn't actually backwards compatible.
The app is a Web application which includes a proprietary CGI executable,
but in the targeted policy only appropriately-labeled CGI get run. Having the CGI not sit in cgi-bin probably adds to the pain, I guess. I found out how to disable SELinux protection for Apache, but that kind of defeats the purpose and does not help customer relationships.
Until binary policy is implemented though I am not sure you can ship policy in RPMs. It has to be in the central policy as a patch and you can then mark the files with the right contexts. You (hopefully) shouldn't need any custom policy though.
Another message suggested that FC5 is likely to be the target for the stuff I am grasping at.
Thank you for your consideration, Davide Bolcioni -- There is no place like /home.
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
