I'm a newbie to package submission, and I've encountered some selinux
issues when packaging my Apache module. The module runs fine without
selinux, but won't run without some new rules and file configurations.
How is this normally handled in packages? Am I expected to add
configurations to handle this? How do I handle cases where selinux
isn't enabled?
TIA,
Dave
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
08-10-2008, 06:12 AM
Ray Van Dolson
How do I handle selinux for an Apache module?
On Sun, Aug 10, 2008 at 12:06:09AM -0230, David Carter wrote:
> Hey folks!
>
> I'm a newbie to package submission, and I've encountered some selinux
> issues when packaging my Apache module. The module runs fine without
> selinux, but won't run without some new rules and file configurations.
>
> How is this normally handled in packages? Am I expected to add
> configurations to handle this? How do I handle cases where selinux isn't
> enabled?
I know some provide a -selinux sub-package to deal with doing selinux
policy changes. I'm not sure if this is the official, preferred way or
not however. And there's no real automated way for someone installing
your package (who has selinux enabled on their machine) to even be
aware that the -selinux package exists. I ran into this with awstats.
So you might make mention of it in the README.Fedora for the main
package at the very least.
Ray
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
08-10-2008, 12:33 PM
David Carter
How do I handle selinux for an Apache module?
Thanks!
Now that I have a handle on that, I have a follow-up question:
How do I handle system tuning parameters? Specifically, I need to
increase the size of msgmnb and msgmax.
- Dave
On Aug 10, 2008, at 3:42 AM, Ray Van Dolson wrote:
On Sun, Aug 10, 2008 at 12:06:09AM -0230, David Carter wrote:
Hey folks!
I'm a newbie to package submission, and I've encountered some selinux
issues when packaging my Apache module. The module runs fine without
selinux, but won't run without some new rules and file
configurations.
How is this normally handled in packages? Am I expected to add
configurations to handle this? How do I handle cases where selinux
isn't
enabled?
I know some provide a -selinux sub-package to deal with doing selinux
policy changes. I'm not sure if this is the official, preferred way
or
not however. And there's no real automated way for someone installing
your package (who has selinux enabled on their machine) to even be
aware that the -selinux package exists. I ran into this with awstats.
So you might make mention of it in the README.Fedora for the main
package at the very least.
Ray
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
08-10-2008, 04:25 PM
"Paul W. Frields"
How do I handle selinux for an Apache module?
On Sat, 2008-08-09 at 23:12 -0700, Ray Van Dolson wrote:
> On Sun, Aug 10, 2008 at 12:06:09AM -0230, David Carter wrote:
> > Hey folks!
> >
> > I'm a newbie to package submission, and I've encountered some selinux
> > issues when packaging my Apache module. The module runs fine without
> > selinux, but won't run without some new rules and file configurations.
> >
> > How is this normally handled in packages? Am I expected to add
> > configurations to handle this? How do I handle cases where selinux isn't
> > enabled?
>
> I know some provide a -selinux sub-package to deal with doing selinux
> policy changes. I'm not sure if this is the official, preferred way or
> not however. And there's no real automated way for someone installing
> your package (who has selinux enabled on their machine) to even be
> aware that the -selinux package exists. I ran into this with awstats.
> So you might make mention of it in the README.Fedora for the main
> package at the very least.
I know the SELinux folks are keen to have packages that provide services
also provide an accompanying policy module. You might want to consider
asking this question on the fedora-selinux-list, where I'll bet you'll
be able to get some help and pointers:
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
How do I handle selinux for an Apache module?
