Skip to content
/ flexnet_selinux Public

Installing this policy allows FlexNet to work under SELinux Enforcing environment. The policy restricts FlexNet's behavior whenever possible and mitigates security threats.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Mine02C4/flexnet_selinux

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
.github/workflows
.github/workflows
 
 
policy
policy
 
 
repo
repo
 
 
signature
signature
 
 
README.md
README.md
 
 

Repository files navigation

SELinux policy module for FlexNet

!IMPORTANT! : This is unofficial software; it is a policy created by an ordinary user independent of FlexNet's vendor.

Installing this policy allows FlexNet to work under SELinux Enforcing environment. The policy restricts FlexNet's behavior whenever possible and mitigates security threats.

Requirements

  • Distribution : Rocky Linux 9
  • FlexNet : v11.17.2.0

I believe it works in other environments as well. I would like information on confirmation that it works.

Installation

Step. -1 : Avoid ELF interpreter problem

Please perform the following workaround as root to resolve LSB and ELF interpreter issues with FlexNet and recent RHEL-based distributions.

cd /lib64
ln -s ld-linux-x86-64.so.2 ld-lsb-x86-64.so.3
semanage fcontext -a -f l -t ld_so_t "/usr/lib/ld-[^/]*\.so(\.[^/]*)*"
restorecon -v /lib64/ld-lsb-x86-64.so.3

Step. 0 : Prepare FlexNet file

The file structure should be as follows.

  • /usr/local/bin/lmgrd (file) : FletNet service
  • /usr/local/bin/lmutil (file) : FletNet utilities
  • /usr/local/lib/flexnet/ (dir) : Directory for vendor files
  • /usr/local/etc/flexnet/ (dir) : Directory for license files

Step. 1 : Add DNF repository

Execute the following command as root

dnf config-manager --add-repo https://raw.githubusercontent.com/Mine02C4/flexnet_selinux/main/repo/flexnet_selinux.repo

If you want to import GPG keys in advance, execute the following command. (Optional)

rpm --import https://raw.githubusercontent.com/Mine02C4/flexnet_selinux/main/signature/public.gpg

Step. 2 : Install package

Execute the following command as root

dnf install flexnet_selinux

If you run the command for the first time without importing the GPG key, the fingerprint of the GPG key will be confirmed. Please check if it matches the following.

Userid     : "NIWA Naoya (flexnet_selinux) <mine@mine02c4.nagoya>"
Fingerprint: 7C91 B554 3F5E 0ACA C081 264F BE25 99DD B245 DCE6
From       : https://raw.githubusercontent.com/Mine02C4/flexnet_selinux/main/signature/public.gpg

Additional step : Relabel

If the policy was installed prior to FlexNet configuration, it will need to relabel. Please relabel with the following command.

restorecon -F -R -i -v /usr/local/bin/lmgrd
restorecon -F -R -i -v /usr/local/bin/lmutil
restorecon -F -R -i -v /usr/local/lib/flexnet
restorecon -F -R -i -v /usr/local/etc/flexnet

About

Installing this policy allows FlexNet to work under SELinux Enforcing environment. The policy restricts FlexNet's behavior whenever possible and mitigates security threats.

Topics

selinux flexlm selinux-policy

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 1

v1.0 Latest
Nov 10, 2023

Packages

No packages published

Languages