Well, the policy was something we quickly threw together over at DLS because time was running out.
Tina there suggested that if the file context was changed, this wouldn't be a problem, but that the rule as it stands was sufficient to get around the problem.
We know what the rule is called there, so we can always uninstall it and then see what the contexts do.
Stefan
________________________________________
From: Moonshot Developers List [[log in to unmask]] on behalf of Sam Hartman [[log in to unmask]]
Sent: 27 June 2014 19:46
To: [log in to unmask]
Subject: Re: Policy for the keys database for FreeRADIUS
>>>>> "Adam" == Adam Bishop <[log in to unmask]> writes:
Adam> On 27 Jun 2014, at 17:49, Stefan Paetow <[log in to unmask]> wrote:
>> <radius_trust_router_selinux.txt>
Adam> Would it be better to implement this as an selinux boolean?
Adam> I'd like to avoid making global policy changes to fix a local
Adam> issue.
Adam> Not all TIDS deployments will have FreeRADIUS running, and not
Adam> all FreeRADIUS deployments will have TIDS running.

It seems like if you do the file contexts right, you can avoid the
boolean.

You always enable the rule, but there is no file that exists in the
context for the rule to apply unless there's actually a keys database.

Janet(UK) is a trading name of Jisc Collections and Janet Limited, a
not-for-profit company which is registered in England under No. 2881024
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238