Linux Archive - Compile HTTPD so it's SELinux Aware

Linux Archive

Linux Archive (http://www.linux-archive.org/)

- Fedora User (http://www.linux-archive.org/fedora-user/)

- - Compile HTTPD so it's SELinux Aware (http://www.linux-archive.org/fedora-user/397878-compile-httpd-so-its-selinux-aware.html)

Jafaruddin Lie

07-12-2010 01:21 AM

Compile HTTPD so it's SELinux Aware

Hi guys
We're thinking of compiling our own version of jailed Apache's httpd
on CENTOS 5.
Currently we don't have SELinux turned on, but we are building a new
server and would like to implement it.
I am familiar enough with setting the policies for the RPM version of
httpd, so my question is for the ones that we are going to compile,
what do I need to do on the compile to make it SELinux aware, and how
do I apply the policies to that particular instance?

There would be several different versions of jailed httpd instances
running on different ports.

--
Registered Linux user no. 384430
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Kevin Fenzi

07-12-2010 02:18 AM

Compile HTTPD so it's SELinux Aware

On Mon, 12 Jul 2010 11:21:28 +1000
Jafaruddin Lie <jafaruddin.lie@gmail.com> wrote:

> Hi guys
> We're thinking of compiling our own version of jailed Apache's httpd
> on CENTOS 5.

You likely want the centos list:

http://lists.centos.org/mailman/listinfo/centos

kevin
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Jafaruddin Lie

07-12-2010 03:17 AM

Compile HTTPD so it's SELinux Aware

:)
I figured I tried asking here first since my test box is a Fedora 13
box, I doubt it'll be any different when I move it to CentOS.

On Mon, Jul 12, 2010 at 12:18 PM, Kevin Fenzi <kevin@scrye.com> wrote:
> On Mon, 12 Jul 2010 11:21:28 +1000
> Jafaruddin Lie <jafaruddin.lie@gmail.com> wrote:
>
>> Hi guys
>> We're thinking of compiling our own version of jailed Apache's httpd
>> on CENTOS 5.
>
> You likely want the centos list:
>
> http://lists.centos.org/mailman/listinfo/centos
>
> kevin
>
> --
> users mailing list
> users@lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
>
>

--
Registered Linux user no. 384430
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Phil Meyer

07-12-2010 04:13 PM

Compile HTTPD so it's SELinux Aware

On 07/11/2010 07:21 PM, Jafaruddin Lie wrote:
> Hi guys
> We're thinking of compiling our own version of jailed Apache's httpd
> on CENTOS 5.
> Currently we don't have SELinux turned on, but we are building a new
> server and would like to implement it.
> I am familiar enough with setting the policies for the RPM version of
> httpd, so my question is for the ones that we are going to compile,
> what do I need to do on the compile to make it SELinux aware, and how
> do I apply the policies to that particular instance?
>
> There would be several different versions of jailed httpd instances
> running on different ports.
>
>

It may be easiest to:

$ yumdownloader --source httpd
$ rpm -ihv httpd*.rpm
$ cd ~/rpmbuild/SPECS
$ vim httpd.spec
%% modify to suit, or
$ rpmbuild -bp httpd.spec
$ cd ../BUILD/httpd*
%% modify to suit, create patches, and place patches in
~/rpmbuild/SOURCES
$ cd ~/rpmbuild/SPECS
$ vim httpd.spec
%% add your patches to the list
$ rpmbuild -ba httpd.spec

Now you can distribute your version of the rpm to the hosts that need it.

This is much cleaner than doing a make install, because you can easily
update the rpm, and you can play games with the versioning such that it
may or may not update with yum.

There may come a time when the Centos distributed rpm now contains the
mods you were after in the first place.

Also, you may submit your patches upstream. Who knows, maybe lots of
people want your mods as well.

Good Luck!
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Kevin Fenzi

07-12-2010 06:15 PM

Compile HTTPD so it's SELinux Aware

On Mon, 12 Jul 2010 13:17:11 +1000
Jafaruddin Lie <jafaruddin.lie@gmail.com> wrote:

> :)
> I figured I tried asking here first since my test box is a Fedora 13
> box, I doubt it'll be any different when I move it to CentOS.

Well, the versions and toolchains would be pretty different.

What "selinux awareness" are you trying to add?

httpd in fedora is already covered in the default selinux policy.
Is this some additional patch? If so, do you have a link to it?

kevin
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

All times are GMT. The time now is 07:26 PM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.