colby · December 6, 2016 02:17
diff --git a/- b/-
 [vagrant@web ~]$ cat httpd_copious.te

 module httpd_copious 1.0;

 require {
        type httpd_t;
        type default_t;
        type hugetlbfs_t;
        class file { write getattr };
        class capability2 block_suspend;
 }

 #============= httpd_t ==============
 allow httpd_t default_t:file getattr;
 allow httpd_t hugetlbfs_t:file write;
 allow httpd_t self:capability2 block_suspend;

 [vagrant@web ~]$ sudo checkmodule -M -m -o httpd_copious.mod httpd_copious.te
 [vagrant@web ~]$ sudo semodule_package -m httpd_copious.mod -o httpd_copious.pp
 [vagrant@web ~]$ sudo semodule -i httpd_copious.pp
	[vagrant@web ~]$ cat httpd_copious.te

	module httpd_copious 1.0;

	require {
	type httpd_t;
	type default_t;
	type hugetlbfs_t;
	class file { write getattr };
	class capability2 block_suspend;
	}

	#============= httpd_t ==============
	allow httpd_t default_t:file getattr;
	allow httpd_t hugetlbfs_t:file write;
	allow httpd_t self:capability2 block_suspend;

	[vagrant@web ~]$ sudo checkmodule -M -m -o httpd_copious.mod httpd_copious.te
	[vagrant@web ~]$ sudo semodule_package -m httpd_copious.mod -o httpd_copious.pp
	[vagrant@web ~]$ sudo semodule -i httpd_copious.pp