Creating new application domains
By default, Linux distributions come with many prepackaged application domains. However, we will most likely come across situations where we need to build our own application policy or include a custom policy that is offered through third-party means.
Unlike users and roles, application domains usually have file context-related information with them.
Creating the mojomojo.* files
The following SELinux policy is for mojomojo, an open source, catalyst-based wiki. The code is pretty lightweight as it is a relatively simple web application (infrastructure-wise). In it, we call the apache_content_template(), which provides most of the necessary rules out of the box:
# cat mojomojo.te policy_module(mojomojo, 1.1.0) # Create ...Get SELinux System Administration - Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
