
Commit 9ef33e2

committed
refactored to provide unconfined module which is simple and easy to install hopefully
1 parent fe02979 commit 9ef33e2


4 files changed

+19
-14
lines changed


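--- a/misc/selinux/Makefile.am
+++ b/misc/selinux/Makefile.am
@@ -2,14 +2,16 @@ if WITH_SELINUX
 cfengine-enterprise.te: cfengine-enterprise.te.all $(PLATFORM_SELINUX_POLICIES)
 cat cfengine-enterprise.te.all $(PLATFORM_SELINUX_POLICIES) > cfengine-enterprise.te
 
-cfengine-enterprise.pp: cfengine-enterprise.te cfengine-enterprise.fc
+cfengine-enterprise.pp cfengine-enterprise-unconfined.pp: cfengine-enterprise.te cfengine-enterprise.fc cfengine-enterprise-unconfined.te cfengine-enterprise-unconfined.fc
 $(MAKE) -f /usr/share/selinux/devel/Makefile -j1
 
 selinuxdir = $(prefix)/selinux
 selinux_DATA = cfengine-enterprise.pp
 selinux_DATA += cfengine-enterprise.te
 selinux_DATA += cfengine-enterprise.fc
-selinux_DATA += label-binaries-unconfined.sh
+selinux_DATA = cfengine-enterprise-unconfined.pp
+selinux_DATA += cfengine-enterprise-unconfined.te
+selinux_DATA += cfengine-enterprise-unconfined.fc
 
 clean-local:
 rm -rf tmp
@@ -19,6 +21,7 @@ endif
 # tarball even without running './configure --with-selinux-policy'
 DISTFILES = Makefile.in Makefile.am cfengine-enterprise.fc cfengine-enterprise.te.all
 DISTFILES += cfengine-enterprise.te.el9
-DISTFILES += label-binaries-unconfined.sh
+DISTFILES += cfengine-enterprise-unconfined.te
+DISTFILES += cfengine-enterprise-unconfined.fc
 
-CLEANFILES = cfengine-enterprise.pp cfengine-enterprise.if cfengine-enterprise.te
+CLEANFILES = cfengine-enterprise.pp cfengine-enterprise.if cfengine-enterprise.te cfengine-enterprise-unconfined.pp cfengine-enterprise-unconfined.if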
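Review bot: The added `selinux_DATA = cfengine-enterprise-unconfined.pp` (new line 12) assigns with `=` while its neighbours use `+=`, so it resets the list and drops `cfengine-enterprise.pp`, `cfengine-enterprise.te` and `cfengine-enterprise.fc` set on the three lines above it; automake may also reject the second plain assignment. If both modules are meant to ship, the line should read `selinux_DATA += cfengine-enterprise-unconfined.pp`; as written, only the module that makes `cfengine_t` an unconfined domain would be installed. Separately, the header `cfengine-enterprise.pp cfengine-enterprise-unconfined.pp: …` declares two independent rules, so a parallel top-level make can run the devel Makefile twice in the same directory, and the `-j1` only serialises the sub-make; a stamp file, or making one `.pp` depend on the other, would avoid that. The surrounding `if WITH_SELINUX` block opens above the first hunk.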
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
/var/cfengine/bin/.* -- gen_context(system_u:object_r:cfengine_exec_t,s0)
2+
/var/cfengine/notification_scripts(/.*)? -- gen_context(system_u:object_r:cfengine_exec_t,s0)
3+
/var/cfengine/httpd/bin/.* -- gen_context(system_u:object_r:cfengine_exec_t,s0)
4+
/var/cfengine/httpd/php/bin/.* -- gen_context(system_u:object_r:cfengine_exec_t,s0)
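Review bot: These four specifications are wider than the directory names suggest and carry no comment: `.` also matches `/`, so `/var/cfengine/bin/.*` labels regular files at any depth as `cfengine_exec_t`. The type-enforcement file added in this commit makes `cfengine_exec_t` the entry file of a domain passed to `unconfined_domain()`, so a leading comment should state the assumption, e.g. `# every regular file below these directories becomes an entry point for cfengine_t; keep them writable by root only`. If only top-level binaries are intended, `/var/cfengine/bin/[^/]+` would express that. If the existing `cfengine-enterprise.fc` (not shown on this page) has specifications for the same paths, loading both modules would presumably conflict, which the comment should mention as well.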
Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,8 @@
1+
module cfengine-enterprise-unconfined 1.0;
2+
require {
3+
all_kernel_class_perms # required for unconfined_domain()
4+
}
5+
type cfengine_t;
6+
type cfengine_exec_t;
7+
unconfined_domain(cfengine_t)
8+
domain_entry_file(cfengine_t, cfengine_exec_t)
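Review bot: Nothing in these eight lines says when this module should be installed or that `unconfined_domain(cfengine_t)` removes SELinux confinement from every process in `cfengine_t`; a header comment such as `# Alternative to cfengine-enterprise.pp: processes in cfengine_t run unconfined.` would make that explicit. The module declares `cfengine_t` and `cfengine_exec_t` itself with `type`, so if the generated `cfengine-enterprise.te` (not shown on this page) declares the same types, the two modules presumably cannot be loaded together, and that belongs in the same comment. No transition into `cfengine_t` is defined here, so whether the labelled binaries actually run in that domain depends on policy outside this file; if they should when started by init, `init_daemon_domain(cfengine_t, cfengine_exec_t)` is the usual interface.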

misc/selinux/label-binaries-unconfined.sh

Lines changed: 0 additions & 10 deletions
This file was deleted.
