I've settled with these updated files. I couldn't find a use case for cache data or tmp data yet, so I've removed those types and the associated permissions that were applied to consul_t.
Is there enough of a demand for this to warrant a pull request? I'd like to contribute, assuming that the policy stands up to further examination.
On Mon, Sep 14, 2015 at 3:41 PM Jeremy Young <jrm16020@xxxxxxxxx> wrote:
Hello everyone,I'm preparing to deploy a Consul cluster for the company at which I work, and while perusing the documentation, found that I'd like to have SELinux policy around my deployment. I've attached my first shot, and would like some feedback as to whether or not this is redundant or too permissive. I admittedly don't yet know enough about the application to speak to whether or not this breaks functionality but am asking the Consul mailing list for feedback as well.Can I get some input on the policy?Thank you for your help!--Jeremy Young
--
Jeremy Young
Attachment:
consul.fc
Description: Binary data
Attachment:
consul.te
Description: Binary data
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
