SELinux Targeted Policy for the Citadel Groupware Server

SELinux targeted policy module which extends kernel mandatory access control policies to the Citadel Groupware Server (both Citadel and the Webcit webserver). The module has been compiled and tested on Red Hat Enterprise Linux 5 and CentOS 5.

Features

Provides an additional layer of protection around the standalone git-daemon process.

Dependencies

The following packages must be installed for policy compilation:

  • selinux-policy-targeted
  • selinux-policy-devel

To install the prerequisite packages, use RPM or YUM.

Example: sudo yum install selinux-policy-devel

Compilation and Installation

  1. Unpack the archive (likely already completed if you are reading this)
  2. Change to the “citadel” directory in the archive contents.
  3. Adjust the file paths in the citserver.fc file to match the unique requirements of your distribution or system.
  4. Run “make”.
  5. Install the resulting citserver.pp SELinux module.Example: sudo /usr/sbin/semodule -i citserver.pp
  6. Change to the “webcit” directory in the archive contents.
  7. Adjust the file paths in the webcit.fc file to match the unique requirements of your distribution or system.
  8. Run “make”.
  9. Install the resulting citserver.pp SELinux module. Example: sudo /usr/sbin/semodule -i webcit.pp