Paul Howarth wrote:
> On 14/09/09 09:40, briaeros007 wrote:
>> Hello,
>> First of all, I'm sorry if my question is something "dumb".
>> Here is the context of my trouble:
>> I have created a server with a PHP website.
>> This PHP website uses a PostgreSQL DB on the same server.
>> I use RHEL 5.3 and SELinux with the policy "targeted".
>> For the website to work properly, I must add the rules:
>> "allow httpd_t postgresql_port_t:tcp_socket name_connect;"
>> So now my problem is:
>> If I update my server and the policy is updated: is there a way to
>> automatically add this (local) rule?
>> What I want to do is to use the RHEL policy as a base, and to add my
>> own local rules without the need to recompile them/add them manually
>> at each update.
>> I don't know if I'm very clear /o\
>
> You probably don't need to add any rules at all. Try setting this
> boolean instead:
>
> # setsebool -P httpd_can_network_connect_db=1
>
> Paul.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to
majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

From what I remember, if using the selinux-policy-default there was a
file called local.te (can't remember the path), and in there you would
add your allow rules to the policy. That is if you're using monolithic.

Justin P. Mattock
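
An added example, not part of either reply and not the posters' own code: one way to keep the allow rule from the original post as a loadable local policy module, which `semodule` installs into the module store separately from the base policy package, after first checking whether the boolean from Paul's reply already covers it. The module name `local_httpd_pgsql`, the function names and the temporary working directory are assumptions of this example.

```shell
#!/bin/sh
# Added example: keep the thread's allow rule in a local policy module.
# MODULE and the function names below are assumptions of this example.
MODULE=local_httpd_pgsql

# Write the type-enforcement source for the local module into directory $1.
write_local_te() {
    cat > "$1/$MODULE.te" <<EOF
module $MODULE 1.0;

require {
    type httpd_t;
    type postgresql_port_t;
    class tcp_socket name_connect;
}

# Rule quoted in the original post
allow httpd_t postgresql_port_t:tcp_socket name_connect;
EOF
}

# Compile, package and load the module from directory $1.
# Needs root plus the checkmodule, semodule_package and semodule tools.
build_and_install() {
    checkmodule -M -m -o "$1/$MODULE.mod" "$1/$MODULE.te" &&
    semodule_package -o "$1/$MODULE.pp" -m "$1/$MODULE.mod" &&
    semodule -i "$1/$MODULE.pp"
}

# Return 0 if the boolean from the reply is already on, in which case
# the local module is unnecessary.
boolean_is_on() {
    getsebool httpd_can_network_connect_db 2>/dev/null | grep -q -- '--> on$'
}

# Nothing is changed unless the script is run as: sh local_module.sh install
if [ "${1:-}" = "install" ]; then
    if boolean_is_on; then
        echo "httpd_can_network_connect_db is on; no local module needed"
    else
        workdir=$(mktemp -d) && write_local_te "$workdir" &&
        build_and_install "$workdir" && semodule -l | grep "$MODULE"
    fi
fi
```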