Thanks Dan,

I don't have access to Fedora 17 at the moment so I can't test it, but I will write a small Python script this weekend so you can test it if you like.

My feeling is that it won't work properly like it is because the fc file doesn't include couchjs, the JavaScript compiler. I think that was the main issue I had, if I remember correctly.

Could you test the policy I attached, as that seemed to work on Fedora 15, or is it too outdated? It was for couchdb 1.0.2.

P.S. If you can wait a couple of weeks I should be able to get Fedora 17 running. It takes time because I have limited bandwidth (wireless) at the moment.

Thanks
Michael

On 12/03/2012, at 21:54, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:

> I wrote my own policy for couchdb using sepolgen for Fedora 17.
>
> Totally untested, since I have no idea how to use couchdb.
>
> Fixed avc's created by starting and stopping the service.
>
> ps -eZ | grep couch
> system_u:system_r:couchdb_t:s0 4103 ? 00:00:00 couchdb
> system_u:system_r:couchdb_t:s0 4113 ? 00:00:00 couchdb
> system_u:system_r:couchdb_t:s0 4114 ? 00:00:00 beam.smp
> system_u:system_r:couchdb_t:s0 4130 ? 00:00:00 heart
>
> Might want to write separate policy for heart? beam.smp?
>
> I added port definitions for tcp port couchdb_port_t 5984 and 6984.
>
> <couchdb.te>
> <couchdb.if>
> <couchdb.fc>
> <couchdb.sh>

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux