Creating new application domains
By default, Linux distributions come with many prepackaged application domains. However, we will most likely come across situations where we need to build our own application policy or include a custom policy that is offered through third-party means.
Unlike users and roles, application domains usually have file context-related information with them.
Creating the mojomojo.* files
The following SELinux policy is for mojomojo, an open source, catalyst-based wiki. The code is pretty lightweight as it is a relatively simple web application (infrastructure-wise). In it, we call the apache_content_template(), which provides most of the necessary rules out of the box:
# cat mojomojo.te
policy_module(mojomojo, 1.1.0)
# Create all types based on the apache content template
apache_content_template(mojomojo)
# Only call creation of alias on RHEL systems
ifdef(`distro_rhel',`
apache_content_alias_template(mojomojo,mojomojo...
