Selinux policy module needed to run a qpid cluster with selinux in enforcing mode.

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@964551 13f79535-47bb-0310-9956-ffa450edef68
author: Alan Conway <aconway@apache.org> 2010-07-15 19:42:23 +0000
committer: Alan Conway <aconway@apache.org> 2010-07-15 19:42:23 +0000
commit: 4912c5774415e5d1712dadffe5a859e07ecda8a5 (patch)
tree: 77b431c4633cc4e0303b9eefab25f6b0cd8e6b84 /cpp/etc
parent: 7492bfb7042caa9246ab53f06c6e5489cb229b82 (diff)
download: qpid-python-4912c5774415e5d1712dadffe5a859e07ecda8a5.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/cpp/etc/selinux/qpidd.te b/cpp/etc/selinux/qpidd.te
new file mode 100644
index 0000000000..9163c55acf
--- /dev/null
+++ b/cpp/etc/selinux/qpidd.te
@@ -0,0 +1,16 @@
+# selinux policy module needed to run a qpid cluster with selinux in enforcing mode.
+
+policy_module(qpidd, 1.1)
+require {
+        type initrc_t;
+        type ccs_t;
+	type aisexec_t;
+}
+#============= ccs_t ==============
+fs_rw_tmpfs_files(ccs_t)
+allow ccs_t initrc_t:sem rw_sem_perms;
+allow ccs_t initrc_t:shm rw_shm_perms;
+allow ccs_t self:capability ipc_owner;
+allow aisexec_t initrc_t:sem rw_sem_perms;
+allow aisexec_t initrc_t:shm rw_shm_perms;
+allow aisexec_t self:capability { ipc_owner dac_override };
author	Alan Conway <aconway@apache.org>	2010-07-15 19:42:23 +0000
committer	Alan Conway <aconway@apache.org>	2010-07-15 19:42:23 +0000
commit	4912c5774415e5d1712dadffe5a859e07ecda8a5 (patch)
tree	77b431c4633cc4e0303b9eefab25f6b0cd8e6b84 /cpp/etc
parent	7492bfb7042caa9246ab53f06c6e5489cb229b82 (diff)
download	qpid-python-4912c5774415e5d1712dadffe5a859e07ecda8a5.tar.gz