To compile:
make -f /usr/share/selinux/devel/Makefile
Make sure you have:
yum install libselinux-policy-devel
yum install selinux-policy-devel.noarch
Some notes: unfortunately, so far there's no way to do portcon from a module policy definition, so we need to do it from the shell or CIL.
So after installing the module with
semodule -i vault.pp
we need to do
semanage port -a -t vault_port_t -p tcp 5200
to tag the port with the type we've created in the policy definition.
Removing the module is tricky too, as the type is defined in the policy. First delete the port mapping:
semanage port -d -t vault_port_t -p tcp 5200
and then remove the module
semodule -r vault
and you're clean.
Relabel the vault binary with
restorecon -r /usr/sbin/vault
This goes to unconfined when you remove the module, so no issues here.
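The install and removal order described above, as an added example that is not part of the original README: it reads the output of `semanage port -l` and `semodule -l` and prints only the commands still needed, in the right order. The function names `port_types` and `vault_plan` and the `SAMPLE_*` listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: plan the install/removal steps from current SELinux state.
# SAMPLE_* values are constructed; on a real host pass "$(semanage port -l)"
# and "$(semodule -l)" instead.

# port_types PROTO PORT: read `semanage port -l` output on stdin, print every
# type whose port list (single ports or lo-hi ranges) covers PORT.
port_types() {
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            for (i = 3; i <= NF; i++) {
                p = $i; sub(/,$/, "", p)          # "443," -> "443"
                n = split(p, r, "-")              # "1024-32767" -> lo, hi
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) { print $1; break }
            }
        }'
}

# vault_plan install|remove PORT_LISTING MODULE_LISTING: print the commands
# still needed, in the order the README requires.
vault_plan() {
    labelled=no; loaded=no
    printf '%s\n' "$2" | port_types tcp 5200 | grep -qx vault_port_t && labelled=yes
    printf '%s\n' "$3" | awk '{print $1}' | grep -qx vault && loaded=yes
    case $1 in
    install)
        [ "$loaded" = yes ] || echo "semodule -i vault.pp"
        [ "$labelled" = yes ] || echo "semanage port -a -t vault_port_t -p tcp 5200"
        echo "restorecon -r /usr/sbin/vault" ;;
    remove)   # port mapping first: it references a type the module defines
        [ "$labelled" = no ] || echo "semanage port -d -t vault_port_t -p tcp 5200"
        [ "$loaded" = no ] || echo "semodule -r vault" ;;
    *) return 2 ;;
    esac
}

SAMPLE_PORTS='http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
unreserved_port_t              tcp      61001-65535, 1024-32767
vault_port_t                   tcp      5200'
SAMPLE_MODULES='unconfined
vault'

vault_plan remove "$SAMPLE_PORTS" "$SAMPLE_MODULES"
```

The script only prints the plan; review it and run the printed commands as root.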
#Init files
cp vault /etc/init.d
mkdir /etc/vault && cp vault.conf /etc/vault
chkconfig --add vault
systemctl daemon-reload
Usage:
service vault start
service vault stop
service vault status
Log files:
- /var/log/vault.log
- /var/run/vault.pid