FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Development

 
 
LinkBack Thread Tools
 
Old 08-10-2008, 02:36 AM
David Carter
 
Default How do I handle selinux for an Apache module?

Hey folks!

I'm a newbie to package submission, and I've encountered some selinux
issues when packaging my Apache module. The module runs fine without
selinux, but won't run without some new rules and file configurations.


How is this normally handled in packages? Am I expected to add
configurations to handle this? How do I handle cases where selinux
isn't enabled?


TIA,
Dave

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 08-10-2008, 06:12 AM
Ray Van Dolson
 
Default How do I handle selinux for an Apache module?

On Sun, Aug 10, 2008 at 12:06:09AM -0230, David Carter wrote:
> Hey folks!
>
> I'm a newbie to package submission, and I've encountered some selinux
> issues when packaging my Apache module. The module runs fine without
> selinux, but won't run without some new rules and file configurations.
>
> How is this normally handled in packages? Am I expected to add
> configurations to handle this? How do I handle cases where selinux isn't
> enabled?

I know some provide a -selinux sub-package to deal with doing selinux
policy changes. I'm not sure if this is the official, preferred way or
not however. And there's no real automated way for someone installing
your package (who has selinux enabled on their machine) to even be
aware that the -selinux package exists. I ran into this with awstats.
So you might make mention of it in the README.Fedora for the main
package at the very least.

Ray

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 08-10-2008, 12:33 PM
David Carter
 
Default How do I handle selinux for an Apache module?

Thanks!

Now that I have a handle on that, I have a follow-up question:

How do I handle system tuning parameters? Specifically, I need to
increase the size of msgmnb and msgmax.


- Dave

On Aug 10, 2008, at 3:42 AM, Ray Van Dolson wrote:


On Sun, Aug 10, 2008 at 12:06:09AM -0230, David Carter wrote:

Hey folks!

I'm a newbie to package submission, and I've encountered some selinux
issues when packaging my Apache module. The module runs fine without
selinux, but won't run without some new rules and file
configurations.


How is this normally handled in packages? Am I expected to add
configurations to handle this? How do I handle cases where selinux
isn't

enabled?


I know some provide a -selinux sub-package to deal with doing selinux
policy changes. I'm not sure if this is the official, preferred way
or

not however. And there's no real automated way for someone installing
your package (who has selinux enabled on their machine) to even be
aware that the -selinux package exists. I ran into this with awstats.
So you might make mention of it in the README.Fedora for the main
package at the very least.

Ray

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list



--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 08-10-2008, 04:25 PM
"Paul W. Frields"
 
Default How do I handle selinux for an Apache module?

On Sat, 2008-08-09 at 23:12 -0700, Ray Van Dolson wrote:
> On Sun, Aug 10, 2008 at 12:06:09AM -0230, David Carter wrote:
> > Hey folks!
> >
> > I'm a newbie to package submission, and I've encountered some selinux
> > issues when packaging my Apache module. The module runs fine without
> > selinux, but won't run without some new rules and file configurations.
> >
> > How is this normally handled in packages? Am I expected to add
> > configurations to handle this? How do I handle cases where selinux isn't
> > enabled?
>
> I know some provide a -selinux sub-package to deal with doing selinux
> policy changes. I'm not sure if this is the official, preferred way or
> not however. And there's no real automated way for someone installing
> your package (who has selinux enabled on their machine) to even be
> aware that the -selinux package exists. I ran into this with awstats.
> So you might make mention of it in the README.Fedora for the main
> package at the very least.

I know the SELinux folks are keen to have packages that provide services
also provide an accompanying policy module. You might want to consider
asking this question on the fedora-selinux-list, where I'll bet you'll
be able to get some help and pointers:
http://www.redhat.com/mailman/listinfo/fedora-selinux-list

--
Paul W. Frields
gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
http://paul.frields.org/ - - http://pfrields.fedorapeople.org/
irc.freenode.net: stickster @ #fedora-docs, #fedora-devel, #fredlug
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 

Thread Tools




All times are GMT. The time now is 08:23 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org