After installing Resource Orchestrator, use the following procedure to configure SELinux.
Execute the following commands.
# cd /etc/opt/FJSVrcvmr/selinux <RETURN>
# /usr/sbin/semodule -i fjsvrcvmr.pp <RETURN>
# /usr/sbin/semanage fcontext -a -t unconfined_exec_t '/etc/rc\.d/init\.d/FJSVctchg' <RETURN>
# /usr/sbin/semanage fcontext -a -t unconfined_exec_t '/etc/rc\.d/init\.d/FJSVctdsb' <RETURN>
# /usr/sbin/semanage fcontext -a -t unconfined_exec_t '/etc/rc\.d/init\.d/FJSVctmgibpmf' <RETURN>
# /usr/sbin/semanage fcontext -a -t unconfined_exec_t '/etc/rc\.d/init\.d/FJSVrcxct' <RETURN>
# /usr/sbin/semanage fcontext -a -t unconfined_exec_t /opt/FJSVctdsb-sqc/bin/S99dcm <RETURN>
# /usr/sbin/semanage fcontext -a -t unconfined_exec_t /var/opt/FJSVctmg-isas/fjje6/pcmi/isje6/FJSVpcmi <RETURN>
# /usr/sbin/semanage fcontext -a -t bin_t /opt/FJSVcir/jre/bin/java <RETURN>
# /usr/sbin/semanage fcontext -a -t bin_t /opt/FJSVctdsb-cmdb/CMDB/FJSVcmdba/jre/bin/java <RETURN>
# /usr/sbin/semanage fcontext -a -t bin_t /opt/FJSVctdsb-cmdb/CMDB/FJSVcmdbm/setup/redhat_32/re60/installer/Linux/jre/bin/java <RETURN>
# /usr/sbin/semanage fcontext -a -t bin_t /opt/FJSVctmg-isas/jdk7/bin/java <RETURN>
# /usr/sbin/semanage fcontext -a -t bin_t /opt/FJSVctmg-isas/jdk7/jre/bin/java <RETURN>
# /sbin/restorecon -R /etc/init.d <RETURN>
# /sbin/restorecon /opt/FJSVctdsb-sqc/bin/S99dcm <RETURN>
# /sbin/restorecon /var/opt/FJSVctmg-isas/fjje6/pcmi/isje6/FJSVpcmi <RETURN>
# /sbin/restorecon /opt/FJSVcir/jre/bin/java <RETURN>
# /sbin/restorecon /opt/FJSVrcvmr/runtime/jre6/bin/java <RETURN>
# /sbin/restorecon /opt/FJSVrcvmr/runtime64/jre6/bin/java <RETURN>
# /sbin/restorecon /var/opt/FJSVrcvmr/rcxtrphdl <RETURN>
# /sbin/restorecon /opt/FJSVrcvhb/jre6/bin/java <RETURN>
# /sbin/restorecon /opt/FJSVctdsb-cmdb/CMDB/FJSVcmdba/jre/bin/java <RETURN>
# /sbin/restorecon /opt/FJSVctdsb-cmdb/CMDB/FJSVcmdbm/setup/redhat_32/re60/installer/Linux/jre/bin/java <RETURN>
# /sbin/restorecon /opt/FJSVctmg-isas/jdk7/bin/java <RETURN>
# /sbin/restorecon /opt/FJSVctmg-isas/jdk7/jre/bin/java <RETURN> |
The policy modules are applied and a label is configured for each file.
Check if the label of each file and directory is correct.
Execute the following commands.
File
For file, specify the target file for label check.
Directory
# ls -dZ directory <RETURN> |
For directory, specify the directory for label check.
Example
To check the label of /opt/FJSVcir/jre/bin/java
# ls -Z /opt/FJSVcir/jre/bin/java <RETURN> -rwxr-xr-x. root sys system_u:object_r:bin_t:s0 /opt/FJSVcir/jre/bin/java |
The files and directories to check the labels of are as follows.
Table J.1 Files and Directories to Check the Labels OfFiles and Directories | Label |
|---|
/etc/init.d/scwdepsvd | unconfined_exec_t |
/etc/init.d/scwpxesvd |
/etc/init.d/scwtftpd |
/etc/init.d/rcvmr |
/etc/init.d/rcxdb |
/etc/init.d/rcxhttpd |
/etc/init.d/rcxmongrel[0-9]* |
/etc/init.d/FJSVctchg |
/etc/init.d/FJSVctdsb |
/etc/init.d/FJSVctmgibpmf |
/etc/init.d/FJSVrcxct |
/opt/FJSVctdsb-sqc/bin/S99dcm |
/var/opt/FJSVctmg-isas/fjje6/pcmi/isje6/FJSVpcmi |
/var/opt/FJSVrcvmr/rcxtrphdl/ (directory) | snmpd_var_lib_t |
/opt/FJSVrcvmr/runtime64/jre6/bin/java | bin_t |
/opt/FJSVrcvmr/runtime/jre6/bin/java |
/opt/FJSVcir/jre/bin/java |
/opt/FJSVctdsb-cmdb/CMDB/FJSVcmdba/jre/bin/java |
/opt/FJSVctdsb-cmdb/CMDB/FJSVcmdbm/setup/redhat_32/re60/installer/Linux/jre/bin/java |
/opt/FJSVctmg-isas/jdk7/bin/java |
/opt/FJSVctmg-isas/jdk7/jre/bin/java |
Restart the manager.
For the method for restarting managers, refer to "2.1 Starting and Stopping Managers" in the "Operation Guide CE".
