Thanks Dan,
I don't have access to Fedora 17 at the moment so I can't test it, but I will write a small Python script this weekend so you can test it if you like. My feeling is that it won't work properly like it is because the fc file doesn't include couchjs, the JavaScript compiler. I think that was the main issue I had, if I remember correctly.
Could you test the policy I attached as that seemed to work on Fedora 15 or is it too outdated? It was for couchdb 1.0.2.
P.S. If you can wait a couple of weeks I should be able to get Fedora 17 running. It takes time because I have limited bandwidth (wireless) at the moment.
Thanks,
Michael
On 12/03/2012, at 21:54, Daniel J Walsh dwalsh@redhat.com wrote:
I wrote my own policy for couchdb using sepolgen for Fedora 17.
Totally untested, since I have no idea how to use couchdb.
Fixed AVCs created by starting and stopping the service.
ps -eZ | grep couch
system_u:system_r:couchdb_t:s0 4103 ? 00:00:00 couchdb
system_u:system_r:couchdb_t:s0 4113 ? 00:00:00 couchdb
system_u:system_r:couchdb_t:s0 4114 ? 00:00:00 beam.smp
system_u:system_r:couchdb_t:s0 4130 ? 00:00:00 heart
Might want to write separate policy for heart? beam.smp?
I added port definitions for tcp port couchdb_port_t 5984 and 6984.
<couchdb.te> <couchdb.if> <couchdb.fc> <couchdb.sh>