Linux – SELinux – SEModule – Compile .pp module from .te file
I recently ran into a situation where I needed to grant access to certain /home dirs in order to get puppetmaster started with SELinux enforcing. And I had to do it in such a way that I could keep the resulting “type enforcement” (.te) file in version control; this would allow me to track human-readable changes.
$ -> cd ~
$ -> echo > /var/log/audit/audit.log # this ensures a clean log for analysis
$ -> /etc/init.d/puppetmaster start # should fail
$ -> audit2allow -i /var/log/audit/audit.log -m puppetmaster # this will output the perms necessary for puppetmaster to access needed resources, copy and paste this into the file you are using in version control
$ -> checkmodule -M -m -o puppetmaster.mod /path/to/your/version/controlled/puppetmaster.te # this will create a .mod file
$ -> semodule_package -m puppetmaster.mod -o puppetmaster.pp # this will create a compiled semodule
$ -> semodule -i puppetmaster.pp # this will install the module
At this point, you have added a custom puppetmaster SELinux module, which will get you past the first issue discovered when trying to start the service. From here there are two courses of action, depending on whether the service starts. If the service starts, you are done. If it does not, repeat the above steps to determine which new permissions are required; rinse and repeat until your service starts.
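To make it easier to review what ends up in the version-controlled .te file, here is an added example (not part of the original post, and not audit2allow's own code) that maps AVC denials to `allow` rules and merges them into one module. The log lines are constructed, and the function names are hypothetical; it only handles plain `denied` records.

```python
import re
from collections import defaultdict

# Constructed AVC denials for illustration (not captured from a real host).
SAMPLE_LOG = """\
type=AVC msg=audit(1400000000.101:501): avc:  denied  { search } for  pid=2101 comm="puppetmasterd" name="home" dev=dm-0 ino=2 scontext=system_u:system_r:puppetmaster_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
type=AVC msg=audit(1400000000.102:502): avc:  denied  { getattr } for  pid=2101 comm="puppetmasterd" path="/home" dev=dm-0 ino=2 scontext=system_u:system_r:puppetmaster_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
type=SYSCALL msg=audit(1400000000.102:502): arch=c000003e syscall=4 success=no exit=-13
type=AVC msg=audit(1400000000.103:503): avc:  denied  { read open } for  pid=2101 comm="puppetmasterd" name="site.pp" dev=dm-0 ino=77 scontext=system_u:system_r:puppetmaster_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
"""

# Captures: denied permissions, source type, target type, object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{([^}]*)\}.*?"
    r"scontext=[^:\s]+:[^:\s]+:([^:\s]+)\S*\s+"
    r"tcontext=[^:\s]+:[^:\s]+:([^:\s]+)\S*\s+"
    r"tclass=(\w+)")

def collect_rules(log_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:  # non-AVC records such as SYSCALL are skipped
            perms, src, tgt, cls = m.groups()
            rules[(src, tgt, cls)].update(perms.split())
    return dict(rules)

def braces(items):
    """Render one permission bare, several as a sorted { a b } set."""
    items = sorted(items)
    return items[0] if len(items) == 1 else "{ " + " ".join(items) + " }"

def render_te(name, rules, version="1.0"):
    """Build module text whose require block declares every type and class used."""
    types = sorted({x for s, t, _ in rules for x in (s, t)})
    classes = defaultdict(set)
    for (_, _, cls), perms in rules.items():
        classes[cls] |= perms
    out = [f"module {name} {version};", "", "require {"]
    out += [f"\ttype {t};" for t in types]
    out += [f"\tclass {c} {braces(p)};" for c, p in sorted(classes.items())]
    out += ["}", ""]
    out += [f"allow {s} {t}:{c} {braces(p)};" for (s, t, c), p in sorted(rules.items())]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(render_te("puppetmaster", collect_rules(SAMPLE_LOG)))
```

Each repeat of the steps above surfaces new denials; merging them this way keeps the `require` block in step with the `allow` rules, which checkmodule needs in order to compile the .te file.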