On 03/13/2012 10:04 AM, Michael Milverton wrote:
Thanks Dan,
I don't have access to Fedora 17 at the moment so I can't test it
but I will write a small python script this weekend so you can test
it if you like. My feeling is that it won't work properly like it
is because the fc file doesn't include couchjs, the JavaScript
compiler. I think that was the main issue I had if I remember
correctly.
Could you test the policy I attached as that seemed to work on
Fedora 15 or is it too outdated? It was for couchdb 1.0.2.
P.S. If you can wait a couple of weeks I should be able to get
Fedora 17 running. It takes time because I have limited bandwidth
(wireless) at the moment.
Thanks Michael
On 12/03/2012, at 21:54, Daniel J Walsh <dwalsh(a)redhat.com> wrote:
I wrote my own policy for couchdb using sepolgen for Fedora 17.
Totally untested, since I have no idea how to use couchdb.
Fixed avc's created by starting and stopping the service.
ps -eZ | grep couch
system_u:system_r:couchdb_t:s0 4103 ? 00:00:00 couchdb
system_u:system_r:couchdb_t:s0 4113 ? 00:00:00 couchdb
system_u:system_r:couchdb_t:s0 4114 ? 00:00:00 beam.smp
system_u:system_r:couchdb_t:s0 4130 ? 00:00:00 heart
Might want to write separate policy for heart? beam.smp?
I added port definitions for tcp port couchdb_port_t 5984 and
6984.
> <couchdb.te> <couchdb.if> <couchdb.fc> <couchdb.sh>
-- selinux mailing list selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
The policy you attached did not include any allow rules. Could you
mail me the original source, te file?