SELinux (Security Enhanced Linux) is a security enhancement feature in Linux that provides administrators additional control over which users and applications can access which system resources. solidDB supports SELinux on Red Hat Enterprise Linux (RHEL) operating systems.
Before you begin
The instructions in this topic assume that you are familiar with SELinux for RHEL 6. For information about SELinux on RHEL 6, see the Red Hat Enterprise Linux 6 Security-Enhanced Linux User Guide.
You also need to have the following SELinux policy tools installed on your system:
▪ selinux-policy-version
For example, selinux-policy-3.7.19-54.el6.noarch
▪ policycoreutils-python-version
For example, policycoreutils-python-2.0.83-19.1.el6.x86_64
About this task
With the default installation, all solidDB processes run in an unconfined domain; that is, unconfined users can run solidDB processes without any further action.
The following procedure uses the sepolgen utility to create and install SELinux policy modules for solidDB so that confined system-level users (system_u) can also start solidDB processes.
Note: You need to run the sepolgen utility separately for each solidDB process.
Procedure
1 In the selinux/devel directory, create the policy modules by issuing the following command:
The sepolgen utility creates the policy modules; the file names use the soliddb_executable.xx naming pattern, for example, soliddb_executable.te.
2 Install and apply the security policy permanently by issuing the following command:
sh soliddb_executable.sh
Results
The sepolgen utility creates the source and binary files for the policy module. If you want to enforce a more strict policy, for example, for specific users, you need to modify, recompile, and reinstall the policy modules. For more details, see the Red Hat Enterprise Linux 6 Security-Enhanced Linux User Guide.
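One way to check the result on a host, as an added example that is not part of the solidDB documentation: the functions below report which expected modules are absent from semodule -l output and which domains a generated .te file declares permissive. The module names are assumed to match the executable names (solid, solidsma, solidhac), following the naming pattern described in the procedure.

```shell
#!/bin/sh
# Added example, not solidDB's own tooling.
# Assumption: one policy module per solidDB executable, named after the
# executable (solid.te, solidsma.te, solidhac.te).
SOLIDDB_MODULES="solid solidsma solidhac"

# missing_modules: reads `semodule -l` output on stdin (module name in the
# first column) and prints each expected module that is not loaded.
# Returns 0 only when every expected module is present.
missing_modules() {
    loaded=$(awk '{print $1}')
    rc=0
    for m in $SOLIDDB_MODULES; do
        # -x matches the whole line, so "solidsma" never satisfies "solid";
        # -F treats the name as a literal string, not a regular expression.
        if ! printf '%s\n' "$loaded" | grep -qxF "$m"; then
            echo "$m"
            rc=1
        fi
    done
    return $rc
}

# permissive_domains: reads a policy source (.te) file on stdin and prints
# every domain it declares permissive. A permissive domain is logged but
# not enforced, so review these before relying on the module for confinement.
permissive_domains() {
    sed -n 's/^[[:space:]]*permissive[[:space:]]\{1,\}\([A-Za-z0-9_]*\)[[:space:]]*;.*/\1/p'
}

# Typical use on the host, as root:
#   semodule -l | missing_modules
#   permissive_domains < /usr/share/selinux/devel/solid.te
```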
Examples
Creating and applying the system's default SELinux policy on the solidDB server (solid) executable program:
# cd /usr/share/selinux/devel
# sepolgen solidDB_installdir/bin/solid
# sh solid.sh
Creating and applying the system's default SELinux policy on the SMA server (solidsma) executable program:
# cd /usr/share/selinux/devel
# sepolgen solidDB_installdir/bin/solidsma
# sh solidsma.sh
Creating and applying the system's default SELinux policy on the solidDB High Availability Controller (solidhac) executable program.