On Fri, 2013-04-26 at 10:16 +0100, Moray Henderson wrote:
Is there a way to disable a particular module in selinux-policy-targeted-3.7.19-195.el6_4.1.noarch.rpm without having to modify and rebuild the whole RPM?
sudo semodule -d passenger
disables the passenger module
Our versions of Ruby and Passenger put things in different places than the ones expected by the SELinux passenger module so we've had to remove it and make our own. That meant we missed a RHEL 6.4 selinux-policy update and ended up with a broken Samba 3.6. If there's a way we can go back to using the standard selinux-policy rpms but disable the passenger module, it would be very useful.
Thanks,
Moray. "To err is human; to purr, feline."
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
On 04/26/13 06:24, Dominick Grift wrote:
On Fri, 2013-04-26 at 10:16 +0100, Moray Henderson wrote:
Is there a way to disable a particular module in selinux-policy-targeted-3.7.19-195.el6_4.1.noarch.rpm without having to modify and rebuild the whole RPM?
sudo semodule -d passenger
disables the passenger module
Our versions of Ruby and Passenger put things in different places than the ones expected by the SELinux passenger module so we've had to remove it and make our own. That meant we missed a RHEL 6.4 selinux-policy update and ended up with a broken Samba 3.6. If there's a way we can go back to using the standard selinux-policy rpms but disable the passenger module, it would be very useful.
I have the same problem... but rather than do that, is there a way to extract *just* the passenger module, so I can edit the paths, and reinstall it?
mark
On Fri, 2013-04-26 at 07:59 -0400, mark wrote:
I have the same problem... but rather than do that, is there a way to extract *just* the passenger module, so I can edit the paths, and reinstall it?
Why do you need to edit the existing paths? Do they conflict or harm? Can you not just add new paths using semanage or a separate policy module?
If you cannot do that. Then you can disable the existing passenger policy module with semodule -d passenger.
Then get the passenger source policy module from fedora CVS, edit, rename that and build install that
semodule -i passenger-revisited.pp
mark
selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
On 04/26/13 08:08, Dominick Grift wrote:
On Fri, 2013-04-26 at 07:59 -0400, mark wrote:
I have the same problem... but rather than do that, is there a way to extract *just* the passenger module, so I can edit the paths, and reinstall it?
Why do you need to edit the existing paths? Do they conflict or harm? Can you not just add new paths using semanage or a separate policy module?
You can add new paths? How? I've never noticed that in the man pages, or examples....
mark
If you cannot do that. Then you can disable the existing passenger policy module with semodule -d passenger.
Then get the passenger source policy module from fedora CVS, edit, rename that and build install that
semodule -i passenger-revisited.pp
mark
selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
On Fri, 2013-04-26 at 08:16 -0400, mark wrote:
On 04/26/13 08:08, Dominick Grift wrote:
On Fri, 2013-04-26 at 07:59 -0400, mark wrote:
I have the same problem... but rather than do that, is there a way to extract *just* the passenger module, so I can edit the paths, and reinstall it?
Why do you need to edit the existing paths? Do they conflict or harm? Can you not just add new paths using semanage or a separate policy module?
You can add new paths? How? I've never noticed that in the man pages, or examples....
Example:
Lets say i want to add a new path for /mywebsite:
mkdir ~/mywebsite; cd ~/mywebsite cat > mywebsite.te << EOF policy_module(mywebsite, 1.0.0) optional_policy(` gen_require (` type httpd_sys_content_t; ') ') EOF cat > mywebsite.fc << EOF /mywebsite(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) EOF make -f /usr/share/selinux/devel/Makefile mywebsite.pp sudo semodule -i mywebsite.pp restorecon -R -v -F /mywebsite
mark
If you cannot do that. Then you can disable the existing passenger policy module with semodule -d passenger.
Then get the passenger source policy module from fedora CVS, edit, rename that and build install that
semodule -i passenger-revisited.pp
mark
selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
selinux@lists.fedoraproject.org