On 03/08/2012 09:23 PM, Marcos Ortiz wrote:
> Regards, Lauren, you can see here to Dominick Grift explaining how
> to make all this work. Best wishes
>
> On 06/29/2011 12:58 PM, Dominick Grift wrote:
>> On Thu, 2011-06-30 at 00:20 +0800, Michael Milverton wrote:
>>> Hi,
>>>
>>> I'm in the process of writing a policy for couchdb (nosql
>>> database). I'm using the selinux-polgengui and eclipse slide
>>> tools to help. I've hit a road block because it won't start but
>>> I'm not getting any more AVC's. I'm wondering if anybody might
>>> be able to offer some clue about getting more AVC's from it
>>> because if it won't talk to me I can't get much further.
>> Hi,
>>
>> Could you try the policy template enclosed and provide any avc
>> denials that you will be seeing when it is tested?
>>
>> steps to test:
>>
>> 1. put the couchdb.{te,fc} files in a project directory for
>> example ~/couchdb
>>
>> 2. change to this project directory for example cd ~/couchdb
>>
>> 3. try to build the policy:
>> make -f /usr/share/selinux/devel/Makefile couchdb.pp
>>
>> 4. if it builds, try to install the binary representation of the
>> policy module: sudo semodule -i couchdb.pp
>>
>> 5. restore the context of each path specified in the file
>> context specification file. for example:
>>
>> restorecon -R -v /etc/couchdb
>> restorecon -R -v /etc/rc.d/init.d/couchdb
>> restorecon -R -v /var/lib/couchdb
>> restorecon -R -v /var/log/couchdb
>> restorecon -R -v /var/run/couchdb
>> restorecon -R -v /etc/sysconfig/couchdb
>> restorecon -R -v /usr/bin/couchdb
>>
>> 5. for testing purposes set selinux to permissive mode if
>> possible: setenforce 0
>>
>> 6. unload any rules that silently deny access (note this will
>> cause much logging and may upset setroubleshoot if you have it
>> running):
>>
>> semodule -DB
>>
>> 7. make a note of the current system time: date
>>
>> 8. start the couchdb service (service couchdb start)
>>
>> 9. collect all the avc denials that occurred since you have noted
>> the current system time: example: ausearch -m avc -ts 18:52
>>
>> enclose the full list of avc denials.
>>
>> Attachments:
>>
>> couchdb.fc http://pastebin.com/3QP4ecFP
>>
>> couchdb.te http://pastebin.com/VtxP7YnN
>>
>
> --
> Marcos Luis Ortíz Valmaseda
> Sr. Software Engineer (UCI)
> http://marcosluis2186.posterous.com
> http://postgresql.uci.cu/blog/38
>
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux

Does a complete policy exist for couchdb? I would like to put one in for Fedora 17. Although I currently cannot install it.
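
With `semodule -DB` active, step 9 of the quoted procedure can return a large number of records. The following is an added example, not part of the original thread or of the attached policy: it reduces `ausearch -m avc` output to one line per distinct denial for a single source domain. The domain name `couchdb_t` and the sample audit records are constructed assumptions, since the attached couchdb.te is not reproduced on this page.

```shell
#!/bin/sh
# Added example: group AVC denials from `ausearch -m avc` output by
# (source type, target type:class, permission) for one source domain.

# Constructed sample records; couchdb_t is an assumed domain name.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1309366372.101:501): avc:  denied  { read } for  pid=2101 comm="beam" name="local.ini" dev=dm-0 ino=1311 scontext=system_u:system_r:couchdb_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=SYSCALL msg=audit(1309366372.101:501): arch=c000003e syscall=2 success=no exit=-13 comm="beam"
type=AVC msg=audit(1309366372.140:502): avc:  denied  { read open } for  pid=2101 comm="beam" name="default.ini" dev=dm-0 ino=1312 scontext=system_u:system_r:couchdb_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1309366372.300:503): avc:  denied  { name_bind } for  pid=2101 comm="beam" src=5984 scontext=system_u:system_r:couchdb_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1309366373.010:504): avc:  denied  { getattr } for  pid=900 comm="httpd" path="/var" dev=dm-0 ino=12 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
EOF
}

# $1: source domain type to keep; audit records are read from stdin.
# Output: "<count> <source type> <target type>:<class> <permission>"
summarize_avc() {
    awk -v dom="$1" '
    /avc:[ ]+denied/ {
        perms = ""; src = ""; tgt = ""; cls = ""
        # The denied permissions sit between "{" and "}".
        if (match($0, /[{][^}]*[}]/))
            perms = substr($0, RSTART + 1, RLENGTH - 2)
        for (i = 1; i <= NF; i++) {
            # The type is the third colon-separated field of a context.
            if ($i ~ /^scontext=/) { split(substr($i, 10), a, ":"); src = a[3] }
            else if ($i ~ /^tcontext=/) { split(substr($i, 10), a, ":"); tgt = a[3] }
            else if ($i ~ /^tclass=/) { cls = substr($i, 8) }
        }
        if (src != dom) next        # drop noise from other domains
        n = split(perms, p, " ")    # one tally entry per permission
        for (j = 1; j <= n; j++) count[src " " tgt ":" cls " " p[j]]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k2
}

# Run on the constructed sample so the script works offline.
sample_avc | summarize_avc couchdb_t
```

On a live system the input would come from the command in step 9, for example `ausearch -m avc -ts 18:52 | summarize_avc couchdb_t`.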