Enabling SELinux

Enable SELinux so that it can work together with the Apache HTTPS server.

  1. Obtain the tools used in this topic by running this command:
    # yum install policycoreutils-python selinux-policy-devel
  2. Set the following SELinux booleans to 1 (on). The -P option makes each setting persistent across reboots:
    # setsebool -P httpd_unified 1
    # setsebool -P daemons_enable_cluster_mode 1
    # setsebool -P httpd_run_stickshift 1
    
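  3. Set the type pkcsslotd_lock_t in the security context of /var/lock/opencryptoki and everything below it. A label set with chcon is not recorded in the file-context configuration, so a file system relabel or restorecon resets it: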
    # chcon -R -t pkcsslotd_lock_t /var/lock/opencryptoki/
    
  4. Write an SELinux policy module source file with the name httpd-plus.te. The source code for policy module httpd-plus.te is provided in the appendix "SELinux policy module". To build the policy package httpd-plus.pp and install it, enter the following commands in the directory that contains httpd-plus.te:
    # make -f /usr/share/selinux/devel/Makefile
    # semodule -i httpd-plus.pp
    
  5. Restart the slot daemon and Apache HTTPS server:
    # systemctl restart pkcsslotd.service
    # systemctl restart httpd.service
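
To confirm that steps 2 to 4 took effect, the following added script (not part of the original procedure) checks the three booleans, the labels under /var/lock/opencryptoki, and the loaded module. The function names and the --host argument are hypothetical, GNU find is assumed, and the module name httpd-plus is an assumption because the page does not show the module statement.

```shell
#!/bin/sh
# Added example: verify the result of steps 2-4. Each check reads command
# output on stdin, so it can also be run against captured text.
REQUIRED_BOOLEANS="httpd_unified daemons_enable_cluster_mode httpd_run_stickshift"

# stdin: `getsebool -a` output ("name --> on|off").
# Prints the step 2 booleans that are not on; returns 1 if there are any.
missing_booleans() {
    input=$(cat)
    missing=""
    for b in $REQUIRED_BOOLEANS; do
        state=$(printf '%s\n' "$input" |
            awk -v n="$b" '$1 == n && $2 == "-->" { print $3 }')
        [ "$state" = "on" ] || missing="$missing $b"
    done
    missing=${missing# }
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# stdin: "context path" lines, e.g. from GNU find -printf '%Z %p\n'.
# Prints paths whose SELinux type (third context field) is not
# pkcsslotd_lock_t; returns 1 if there are any.
mislabelled_paths() {
    awk '{ split($1, c, ":")
           if (c[3] != "pkcsslotd_lock_t") { sub(/^[^ ]+ /, ""); print; bad = 1 }
         } END { exit bad + 0 }'
}

# stdin: `semodule -l` output. Assumes the module declared in httpd-plus.te
# is named httpd-plus (the page does not show the module statement).
module_installed() {
    awk '$1 == "httpd-plus" { found = 1 } END { exit !found }'
}

# Run all checks on the local host (as root); returns 0 only if all pass.
verify_host() {
    rc=0
    getsebool -a | missing_booleans || rc=1
    find /var/lock/opencryptoki -printf '%Z %p\n' | mislabelled_paths || rc=1
    semodule -l | module_installed || { echo "httpd-plus not loaded"; rc=1; }
    return $rc
}

if [ "${1:-}" = "--host" ]; then verify_host; fi
```

Run the script as root with the --host argument; it prints every boolean or path that deviates and returns a non-zero status if any check fails.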