weblog d’un abbe


My first SEAchievement

Filed under: Hacking — abbe @ 1249

In Gwalior, I’d installed an eGroupware instance on a Fedora Core 6 box. In the Felamimail module of eGroupware, I got this error: Can't connect to mail.server,143: Permission denied. I checked the IMAP server, and found it was running. Then I checked my iptables rules; those were also fine. So, after this I checked my /var/log/audit/audit.log and found the following AVC denial message:

type=AVC msg=audit(1172212945.073:194): avc:  denied  { name_connect } for pid=3772 comm="httpd" dest=143
scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:pop_port_t:s0 tclass=tcp_socket

On passing this message through the audit2allow tool, I got the following allow rule:

allow httpd_t pop_port_t:tcp_socket name_connect;
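
The mapping from an AVC denial to an allow rule, as an added example (not the author's code and not the audit2allow source): a small Python parser that takes the type field of scontext and tcontext, the tclass and the denied permissions, and merges permissions per source/target/class. The first sample record is the denial quoted above joined onto one line; the second and third records are constructed for illustration.

```python
import re
from collections import defaultdict

# First record: the denial from the post, on one line. The other two records
# are constructed samples (a multi-permission denial and a non-AVC record).
SAMPLE_LOG = """\
type=AVC msg=audit(1172212945.073:194): avc:  denied  { name_connect } for pid=3772 comm="httpd" dest=143 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:pop_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1172212950.100:201): avc:  denied  { read write } for pid=3772 comm="httpd" name="cache" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file
type=SYSCALL msg=audit(1172212950.100:201): arch=40000003 syscall=5 success=no
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)"
)

def context_type(context):
    """Return the type field (third) of a user:role:type[:level] context."""
    fields = context.split(":")
    if len(fields) < 3:
        raise ValueError(f"malformed context: {context!r}")
    return fields[2]

def denials_to_rules(log_text):
    """Turn AVC denial records into allow rules, one per (source, target, class)."""
    merged = defaultdict(set)
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # SYSCALL, PATH and other record types carry no denial
        m = AVC_RE.search(line)
        if m is None:
            continue  # an AVC record that is not a denial (e.g. granted)
        key = (context_type(m["s"]), context_type(m["t"]), m["cls"])
        merged[key].update(m["perms"].split())
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_text};")
    return rules

if __name__ == "__main__":
    for rule in denials_to_rules(SAMPLE_LOG):
        print(rule)
```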

So, now to add this rule to the SELinux policy, I downloaded the selinux-policy SRPM, and installed it in ~/rpmbuild. Then I modified ~/rpmbuild/BUILD/serefpolicy-*/policy/modules/services/apache.te to contain my allow rules, and since I added a boolean, I needed to add an entry in ~/rpmbuild/BUILD/serefpolicy-*/policy/global_tunables also. So, after changing these, I generated a diff of my changes and placed it in ~/rpmbuild/SOURCES. And since I need to modify the sources at the time of building the new RPM, I need to modify my .spec file also, to apply the diff I placed in SOURCES at the time of preparing sources. So the following is the diff which needs to be applied to ~/rpmbuild/SPECS/selinux-policy.spec to generate a new .spec.

--- selinux-policy.spec.old     2007-02-16 22:48:14.000000000 +0530
+++ selinux-policy.spec 2007-02-22 22:53:56.000000000 +0530
@@ -17,11 +17,12 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 2.4.6
-Release: 40%{?dist}
+Release: 41%{?dist}
 License: GPL
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
-patch: policy-20061106.patch
+patch0: policy-20061106.patch
+patch1: policy-20070222.patch
 Source1: modules-targeted.conf
 Source2: booleans-targeted.conf
 Source3: Makefile.devel
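
Review bot: The Release bump to 41%{?dist} takes the number an official follow-up build of 2.4.6 would use, so a vendor update at release 41 or later would collide with or replace this local build and drop policy-20070222.patch with it. A local suffix on the existing release (for example 40.1%{?dist}, as a suggestion) keeps the rebuild distinguishable, and since neither hunk touches %changelog, an entry there naming the new patch would record why this package differs from the vendor one.
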
@@ -166,7 +167,8 @@

 %setup -q -n serefpolicy-%{version}
-%patch -p1
+%patch0 -p1
+%patch1 -p1

 # Build targeted policy
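
Review bot: %patch1 -p1 runs after %patch0 -p1, so policy-20070222.patch has to be a diff taken against a tree that already has policy-20061106.patch applied, with exactly one leading path component to strip. A one-line comment above %patch1 saying what the patch changes, plus a backup suffix such as -b .local on that line, would make a failed or fuzzy apply easier to diagnose.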

The file policy-20070222.patch (md5sum: b43fd29ca9d290fdfcb7d045363195d7) needs to be placed in ~/rpmbuild/SOURCES. I’ve used selinux-policy-2.4.6-40.fc6.src.rpm as the reference policy. Anyways, happy SELinuxing :)



Filed under: Experiences — abbe @ 2057

Well, this is cool. I accidentally clicked on an nntp link in Firefox, and then to my surprise, instead of some newsreader application (like Evolution), Nautilus handled it. And then it downloaded the recent 104 posts. When I double-clicked on a posting, gedit loaded that news posting. Isn’t it cool, worth capturing ;-)


mcabber – a small XMPP console client

Filed under: Hacking — abbe @ 0124

mcabber in Fedora Core 6
Just finished hacking an RPM for mcabber on my Fedora Core 6. mcabber is a cool XMPP client for curses, supporting MUC, PGP, SSL etc.

For those who want to try mcabber on Fedora Core 6, I’ve hacked mcabber.spec (md5sum: 429ddb1d36f07f06135d4208631ea763) and mcabber.src.rpm (md5sum: 3c129cd17535d39d57105749703dc517). So, happy mcabbering :-D


Committed net/mugshot port update

Filed under: Hacking — abbe @ 0225

FreeBSD port net/mugshot maintained by /ME is now updated to version 1.1.33.


No LiveJournal for me

Filed under: Experiences — abbe @ 1539

No LiveJournal for me. Why? Because I’ve Tor ;-)


Committed net/mugshot port update

Filed under: Hacking — abbe @ 1533

FreeBSD port net/mugshot maintained by /ME is now updated to version 1.1.32.

Test your autotools skills

Filed under: Hacking — abbe @ 0123

Well, if you understand the FreeBSD Ports system, and want to test out your autotools skills, find why packaging the libpthread-stubs FreeBSD port is giving errors on a 7.0-CURRENT system, whereas it is successful on a 6.0-STABLE system.

Build logs are available for 7.0-CURRENT, and 6.0-STABLE. Source for libpthread-stubs is available from http://xcb.freedesktop.org/dist/libpthread-stubs-0.1.tar.bz2.

Happy Hacking :-D
