Selinux policy module needed to run a qpid cluster with selinux in enforcing mode.

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@964551 13f79535-47bb-0310-9956-ffa450edef68
author: Alan Conway <aconway@apache.org> 2010-07-15 19:42:23 +0000
committer: Alan Conway <aconway@apache.org> 2010-07-15 19:42:23 +0000
commit: 1d986872fe4f00a0f502fa334f67def44977cb30 (patch)
tree: b0349148491ef0f5c44f1a906e543890695e7ac3 /qpid/cpp/etc
parent: cff4325724d47a4d49d7f0a19039f3ccb2e06eb0 (diff)
download: qpid-python-1d986872fe4f00a0f502fa334f67def44977cb30.tar.gz
1 files changed, 16 insertions, 0 deletions
diff --git a/qpid/cpp/etc/selinux/qpidd.te b/qpid/cpp/etc/selinux/qpidd.te
new file mode 100644
index 0000000000..9163c55acf
--- /dev/null
+++ b/qpid/cpp/etc/selinux/qpidd.te
@@ -0,0 +1,16 @@
+# selinux policy module needed to run a qpid cluster with selinux in enforcing mode.
+
+policy_module(qpidd, 1.1)
+require {
+        type initrc_t;
+        type ccs_t;
+	type aisexec_t;
+}
+#============= ccs_t ==============
+fs_rw_tmpfs_files(ccs_t)
+allow ccs_t initrc_t:sem rw_sem_perms;
+allow ccs_t initrc_t:shm rw_shm_perms;
+allow ccs_t self:capability ipc_owner;
+allow aisexec_t initrc_t:sem rw_sem_perms;
+allow aisexec_t initrc_t:shm rw_shm_perms;
+allow aisexec_t self:capability { ipc_owner dac_override };
author	Alan Conway <aconway@apache.org>	2010-07-15 19:42:23 +0000
committer	Alan Conway <aconway@apache.org>	2010-07-15 19:42:23 +0000
commit	1d986872fe4f00a0f502fa334f67def44977cb30 (patch)
tree	b0349148491ef0f5c44f1a906e543890695e7ac3 /qpid/cpp/etc
parent	cff4325724d47a4d49d7f0a19039f3ccb2e06eb0 (diff)
download	qpid-python-1d986872fe4f00a0f502fa334f67def44977cb30.tar.gz