RE: Disable policy module?


 



> From: Miroslav Grepl [mailto:mgrepl@xxxxxxxxxx]
> Sent: 29 April 2013 08:58
> On 04/26/2013 11:16 AM, Moray Henderson wrote:
> > Is there a way to disable a particular module in
> > selinux-policy-targeted-3.7.19-195.el6_4.1.noarch.rpm without having
> > to modify and rebuild the whole RPM?
> >
> > Our versions of Ruby and Passenger put things in different places than
> > the ones expected by the SELinux passenger module so we've had to
> > remove it and make our own.  That meant we missed a RHEL 6.4
> > selinux-policy update and ended up with a broken Samba 3.6.  If
> > there's a way we can go back to using the standard selinux-policy rpms
> > but disable the passenger module, it would be very useful.
> >
> > --
> > selinux mailing list
> > selinux@xxxxxxxxxxxxxxxxxxxxxxx
> > https://admin.fedoraproject.org/mailman/listinfo/selinux
> What issues are you getting? If you have different paths then you
> should run in the httpd_t domain. Could you attach AVC msgs which you
> are getting? Is there a reason to not use RHEL passenger policy and
> just add labeling for your paths?
> 
> Regards,
> Miroslav

I had developed a policy module for my Rails/Passenger application before there was an RHEL passenger policy.  It creates its own specific types using the httpd interface and it works.  The RHEL module was written for different versions of Ruby, Rails and Passenger: it expects things in different places, uses different types, and some of the .fc specifications conflict with mine.  This is not a complaint, it's just that different programmers, working independently and with different goals in mind, will inevitably design their software in different ways.  If I was developing something new then obviously I would use the RHEL policy and the versions of packages it was designed for.  However, now it would take a lot of work to bring my existing policy or application into line with yours.  Since I already have something that works now, I don't think I can face putting a lot of effort into redesigning it so that it simply still works.

Anyway, thanks Dominick for the "semodule -d" tip - I haven't had a chance to test it in my installer yet but it looks as if it should do the trick.
 

Moray.
“To err is human; to purr, feline.”





--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux




