On 06/27/2010 02:37 PM, Mr Dash Four wrote: > Two questions to the SELinux gurus on here: 1) Why am I getting these > alerts? and 2) How can I fix the problem so that I could run both > Shorewall and IPSets with SELinux in Enforced mode? 1) probably untested functionality. 2) The following should fix it: mkdir ~/myshorewall; cd ~/myshorewall; echo "policy_module(myshorewall, 1.0.0)" > myshorewall.te; echo "optional_policy(\`" >> myshorewall.te; echo "gen_require(\`" >> myshorewall.te; echo "type shorewall_t;" >> myshorewall.te; echo "')" >> myshorewall.te; echo "allow shorewall_t self:rawip_socket create_socket_perms;" >> myshorewall.te; echo "')" >> myshorewall.te; make -f /usr/share/selinux/devel/Makefile myshorewall.pp sudo semodule -i myshorewall.pp > This is important for me as this is a production server and a lot of > stuff runs on it and needs to be available 24/7. > > Many thanks in advance! > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux
Attachment:
signature.asc
Description: OpenPGP digital signature
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
