By default, Linux distributions come with many prepackaged application domains. However, we will most likely come across situations where we need to build our own application policy or include a custom policy that is offered through third-party means.
Unlike users and roles, application domains usually have file context-related information with them.
The following SELinux policy is for mojomojo, an open source, Catalyst-based wiki. The code is pretty lightweight as it is a relatively simple web application (infrastructure-wise). In it, we call the apache_content_template() template, which provides most of the necessary rules out of the box:
# cat mojomojo.te
policy_module(mojomojo, 1.1.0)
# Create all types based on the apache content template
apache_content_template(mojomojo)
# Only call creation of alias on RHEL systems
ifdef(`distro_rhel',`
apache_content_alias_template(mojomojo,mojomojo...