From 1d986872fe4f00a0f502fa334f67def44977cb30 Mon Sep 17 00:00:00 2001
From: Alan Conway <aconway@apache.org>
Date: Thu, 15 Jul 2010 19:42:23 +0000
Subject: Selinux policy module needed to run a qpid cluster with selinux in
 enforcing mode.

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@964551 13f79535-47bb-0310-9956-ffa450edef68
---
 qpid/cpp/etc/selinux/qpidd.te | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 qpid/cpp/etc/selinux/qpidd.te

(limited to 'qpid/cpp/etc')

diff --git a/qpid/cpp/etc/selinux/qpidd.te b/qpid/cpp/etc/selinux/qpidd.te
new file mode 100644
index 0000000000..9163c55acf
--- /dev/null
+++ b/qpid/cpp/etc/selinux/qpidd.te
@@ -0,0 +1,16 @@
+# selinux policy module needed to run a qpid cluster with selinux in enforcing mode.
+
+policy_module(qpidd, 1.1)
+require {
+        type initrc_t;
+        type ccs_t;
+	type aisexec_t;
+}
+#============= ccs_t ==============
+fs_rw_tmpfs_files(ccs_t)
+allow ccs_t initrc_t:sem rw_sem_perms;
+allow ccs_t initrc_t:shm rw_shm_perms;
+allow ccs_t self:capability ipc_owner;
+allow aisexec_t initrc_t:sem rw_sem_perms;
+allow aisexec_t initrc_t:shm rw_shm_perms;
+allow aisexec_t self:capability { ipc_owner dac_override };
-- 
cgit v1.2.1