Secure OS Software for Linux

Re: tlappinst for other apps

mike smith_17
Occasional Contributor

tlappinst for other apps

newbie - tlappinst installs only the 3 apps, what about others ? Shoudl I change to the compartment, install the app, and carry on ?
911 - please hold...
Hal Rottenberg
Frequent Advisor

Re: tlappinst for other apps


tlappinst is for "pre-integrated" applications. To install other applications first you should be familiar with the concepts in the admin and install guide. Then, you will need to do at least some minimal planning.

For most cases you will want a separate compartment for every service. This is not required, but this is how we intended it to be used.

I'll go through a really basic integration here and hopefully you can apply this to your scenario.

1) Install application / RPM.
2) Create comaprtment using 'tlcompadd -i '.
3) Edit scripts in /etc/tlinux//init to start and shutdown the service when called.
4) Add communication rules to the file /etc/tlinux/rules/.
5) Add filesystem rules to the file /etc/tlinux/fs/.
6) Start and test the compartment.

The longest steps are defining the rules. Sometimes it will be straightforward. For example HTTP needs one or two inbound ports and read access to binaries and libraries and write access to a log directory.

Hope this helps.
If at first you don't succeed, then skydiving isn't for you.