selinux-refpolicy/policy/modules/roles
Harry Ciao b2f8897d9c Add support for the samhain program.
Note, extra privileges may need to be granted to the samhain domain
if its default configuration file (/etc/samhainrc) is changed.

The samhain program could be used in the following way:

(In secadm_r role)
1. Initialize filesystem signature database:
newrole -l s15:c0.c1023 -p -- -c "samhain -t init"

(Note, the current secadm console will be blocked until
the database is completed)

2. Start samhain daemon to check filesystem integrity:
newrole -l s15:c0.c1023 -p -- -c "samhain -t check -D"

3. Update filesystem signature database:
newrole -l s15:c0.c1023 -p -- -c "samhain -t update"

(In sysadm_r role)
1. Start samhain in daemon mode:
run_init /etc/init.d/samhain start

2. Stop samhain daemon:
run_init /etc/init.d/samhain stop

3. Check samhain daemon status:
run_init /etc/init.d/samhain status

4. Read/write samhain log files:
newrole -l s15:c0.c1023 -p -- -c "cat /var/log/samhain_log"

5. Remove samhain database files:
newrole -l s15:c0.c1023 -p -- -c "rm /var/lib/samhain/samhain_file"

Note:
1. Stop samhain daemon before updating signature database.
2. Don't try to start samhain daemon twice.
3. Need to toggle SELinux into the Permissive mode in order to remove
   the samhain_log files from /var/log/.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
2010-12-15 10:57:12 -05:00
auditadm.fc trunk: Move user roles into individual modules. 2008-04-29 13:58:34 +00:00
auditadm.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
auditadm.te Bump module versions for release. 2010-12-13 09:12:22 -05:00
dbadm.fc Add dbadm, from KaiGai Kohei. 2010-02-08 10:34:08 -05:00
dbadm.if Dbadm updates from KaiGai Kohei. 2010-08-19 08:41:39 -04:00
dbadm.te Dbadm updates from KaiGai Kohei. 2010-08-19 08:41:39 -04:00
guest.fc trunk: 6 patches from dan. 2009-03-31 13:40:59 +00:00
guest.if trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
guest.te Bump module versions for release. 2010-12-13 09:12:22 -05:00
logadm.fc trunk: 6 patches from dan. 2009-03-19 17:56:10 +00:00
logadm.if trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
logadm.te Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
metadata.xml trunk: Move user roles into individual modules. 2008-04-29 13:58:34 +00:00
secadm.fc trunk: Move user roles into individual modules. 2008-04-29 13:58:34 +00:00
secadm.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
secadm.te Bump module versions for release. 2010-12-13 09:12:22 -05:00
staff.fc trunk: Move user roles into individual modules. 2008-04-29 13:58:34 +00:00
staff.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
staff.te Bump module versions for release. 2010-12-13 09:12:22 -05:00
sysadm.fc trunk: Move user roles into individual modules. 2008-04-29 13:58:34 +00:00
sysadm.if trunk: add sysadm_entry_spec_domtrans_to() interface from clip. 2009-01-15 15:07:37 +00:00
sysadm.te Add support for the samhain program. 2010-12-15 10:57:12 -05:00
unprivuser.fc trunk: Move user roles into individual modules. 2008-04-29 13:58:34 +00:00
unprivuser.if trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
unprivuser.te Bump module versions for release. 2010-12-13 09:12:22 -05:00
webadm.fc trunk: 5 patches from dan. 2009-04-07 14:09:43 +00:00
webadm.if trunk: 5 patches from dan. 2009-04-07 14:09:43 +00:00
webadm.te Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00
xguest.fc trunk: 6 patches from dan. 2009-03-31 13:40:59 +00:00
xguest.if trunk: whitespace fixes 2009-06-26 14:40:13 +00:00
xguest.te Whitespace change: drop unnecessary blank line at the start of .te files. 2010-06-10 08:16:35 -04:00