By default, Linux distributions come with many prepackaged application domains. However, we will most likely come across situations where we need to build our own application policy.
We might build such a policy to allow a particular application to run without SELinux protections (by marking its domain as a permissive domain), or to confine it with more controls than are currently in place.
Unlike users and roles, application domains usually come with file context information.
The following SELinux policy is for mojomojo, an open source, Catalyst-based wiki. Because it is a web application, the policy is fairly lightweight: it calls a template for the web server module (apache_content_template) that already provides most of the rules:
    policy_module(mojomojo, 1.1.0)

    # Create all types based on the apache content template
    apache_content_template(mojomojo)

    # Needed by the mojomojo application
    allow httpd_mojomojo_script_t httpd_t...
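
While a domain is permissive, SELinux logs the accesses it would have denied (AVC records with permissive=1) instead of blocking them, and those records show which rules a custom policy still lacks. The following is an added example, not code from the original text: it groups AVC records for one domain into candidate allow rules, a simplified form of what audit2allow does. The log lines are constructed and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample audit records (not taken from a real system).
SAMPLE_LOG = """\
type=AVC msg=audit(1700000000.101:410): avc:  denied  { read } for  pid=2101 comm="mojomojo.cgi" name="wiki.db" dev="dm-0" ino=3001 scontext=system_u:system_r:httpd_mojomojo_script_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000000.102:411): avc:  denied  { open getattr } for  pid=2101 comm="mojomojo.cgi" path="/srv/example/wiki.db" dev="dm-0" ino=3001 scontext=system_u:system_r:httpd_mojomojo_script_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1700000000.102:411): arch=c000003e syscall=257 success=yes exit=3
type=AVC msg=audit(1700000000.200:412): avc:  denied  { name_connect } for  pid=2101 comm="mojomojo.cgi" dest=5432 scontext=system_u:system_r:httpd_mojomojo_script_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1700000000.300:413): avc:  denied  { search } for  pid=900 comm="httpd" name="alice" dev="dm-0" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=dir permissive=0
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"\bscontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)"
    r"\s+tclass=(?P<tclass>\S+)(?:\s+permissive=(?P<permissive>[01]))?"
)

def candidate_rules(log, domain):
    """Return (rules, enforced) for AVC denials whose source type is `domain`.

    rules    -- sorted candidate allow rules, permissions merged per target/class
    enforced -- (target_type, class) pairs that were really blocked (permissive=0)
    """
    perms = defaultdict(set)
    enforced = set()
    for line in log.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial (e.g. a SYSCALL record)
        # A context is user:role:type:level, so the type is the third field.
        if m["scontext"].split(":")[2] != domain:
            continue
        key = (m["tcontext"].split(":")[2], m["tclass"])
        perms[key].update(m["perms"].split())
        if m["permissive"] == "0":
            enforced.add(key)
    rules = [
        f"allow {domain} {ttype}:{tclass} {{ {' '.join(sorted(p))} }};"
        for (ttype, tclass), p in sorted(perms.items())
    ]
    return rules, enforced

if __name__ == "__main__":
    # Candidates need review: a denial on a generic type such as var_lib_t
    # usually calls for a file context on that path, not a new allow rule.
    for rule in candidate_rules(SAMPLE_LOG, "httpd_mojomojo_script_t")[0]:
        print(rule)
```
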