qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From acon...@apache.org
Subject svn commit: r966302 - in /qpid/trunk/qpid/cpp/etc/selinux: qpidd.te qpiddevel.te
Date Wed, 21 Jul 2010 16:37:05 GMT
Author: aconway
Date: Wed Jul 21 16:37:04 2010
New Revision: 966302

URL: http://svn.apache.org/viewvc?rev=966302&view=rev
Log:
Added selinux policy so developers can run cluster tests with enforcing=1

Added:
    qpid/trunk/qpid/cpp/etc/selinux/qpiddevel.te
Modified:
    qpid/trunk/qpid/cpp/etc/selinux/qpidd.te

Modified: qpid/trunk/qpid/cpp/etc/selinux/qpidd.te
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/etc/selinux/qpidd.te?rev=966302&r1=966301&r2=966302&view=diff
==============================================================================
--- qpid/trunk/qpid/cpp/etc/selinux/qpidd.te (original)
+++ qpid/trunk/qpid/cpp/etc/selinux/qpidd.te Wed Jul 21 16:37:04 2010
@@ -1,6 +1,10 @@
-# selinux policy needed to run a qpid cluster with selinux in enforcing mode.
-# To build the compiled .pp file in this directory do:
-#   make -f /usr/share/selinux/devel/Makefile 
+# selinux policy needed to run the qpidd service with clustering
+# enabled and selinux in enforcing mode.
+#
+# To build the qpid.pp module in this directory do:
+#   sudo make -f /usr/share/selinux/devel/Makefile
+# To install the compiled qpidd.pp
+#   sudo semodule -i qpidd.pp
 
 policy_module(qpidd, 1.1)
 require {

Added: qpid/trunk/qpid/cpp/etc/selinux/qpiddevel.te
URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/etc/selinux/qpiddevel.te?rev=966302&view=auto
==============================================================================
--- qpid/trunk/qpid/cpp/etc/selinux/qpiddevel.te (added)
+++ qpid/trunk/qpid/cpp/etc/selinux/qpiddevel.te Wed Jul 21 16:37:04 2010
@@ -0,0 +1,23 @@
+# selinux policy for qpid developers.
+# If you have configured a qpid source tree with cluster support, you will need
+# this policy to run the make check tests with with selinux in enforcing mode.
+#
+# To build the qpid.pp module in this directory do:
+#   sudo make -f /usr/share/selinux/devel/Makefile
+# To install the compiled qpiddevel.pp
+#   sudo semodule -i qpiddevel.pp
+
+module qpiddevel 1.0;
+
+require {
+	type unconfined_t;
+	type aisexec_t;
+	class capability sys_admin;
+	class sem { write unix_read unix_write associate read destroy };
+	class shm { unix_read write unix_write associate read destroy };
+}
+
+#============= aisexec_t ==============
+allow aisexec_t self:capability sys_admin;
+allow aisexec_t unconfined_t:sem { write unix_read unix_write associate read destroy };
+allow aisexec_t unconfined_t:shm { unix_read write unix_write associate read destroy };



---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:commits-subscribe@qpid.apache.org


Mime
View raw message