
CentOS/RHEL 6 SELinux permissions.

Adam Ierymenko vor 3 Jahren
Ursprung
Commit
ed74ed6ed2
3 geänderte Dateien mit 27 neuen und 0 gelöschten Zeilen
  1. 14 0
      ext/installfiles/linux/zerotier-one.te
  2. 1 0
      make-linux.mk
  3. 12 0
      zerotier-one.spec

+ 14 - 0
ext/installfiles/linux/zerotier-one.te

@@ -0,0 +1,14 @@
+
+module zerotier-one 1.0;
+
+require {
+	type unconfined_t;
+	type initrc_t;
+	class memprotect mmap_zero;
+}
+
+#============= initrc_t ==============
+allow initrc_t self:memprotect mmap_zero;
+
+#============= unconfined_t ==============
+allow unconfined_t self:memprotect mmap_zero;
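Review bot: The two `allow ... self:memprotect mmap_zero;` rules apply to every process running in `initrc_t` and `unconfined_t`, not only to zerotier-one, and the file gives no reason why the daemon needs to map low memory. `mmap_zero` is the check behind the kernel's low-address mapping restriction, which exists to make kernel NULL-pointer dereference bugs harder to exploit, so relaxing it for whole domains weakens that protection host-wide. I would first confirm from the AVC denial which binary actually triggers it. If the permission is really required, give the daemon its own domain and grant it there. At minimum add a header comment such as `# zerotier-one needs mmap_zero because <reason>; granted to initrc_t/unconfined_t as a stopgap`.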

+ 1 - 0
make-linux.mk

@@ -418,6 +418,7 @@ install:	FORCE
 	rm -f $(DESTDIR)/usr/share/man/man1/zerotier-cli.1.gz
 	cat doc/zerotier-cli.1 | gzip -9 >$(DESTDIR)/usr/share/man/man1/zerotier-cli.1.gz
 	cat doc/zerotier-idtool.1 | gzip -9 >$(DESTDIR)/usr/share/man/man1/zerotier-idtool.1.gz
+	cp ext/installfiles/linux/zerotier-one.te /var/lib/zerotier-one/zerotier-one.te
 
 # Uninstall preserves identity.public and identity.secret since the user might
 # want to save these. These are your ZeroTier address.
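Review bot: The added `cp` writes to `/var/lib/zerotier-one/` on the build host instead of under `$(DESTDIR)`, unlike every neighbouring line in the recipe. In a staged install (rpmbuild, packaging as non-root) this either fails or modifies the real filesystem, and the `.te` file never lands in the buildroot, so the spec scriptlet that compiles it may not find it. It should read `cp ext/installfiles/linux/zerotier-one.te $(DESTDIR)/var/lib/zerotier-one/zerotier-one.te`. The `install` recipe starts outside this hunk, so I cannot see whether `$(DESTDIR)/var/lib/zerotier-one` is created earlier; if not, a `mkdir -p` is needed first.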

+ 12 - 0
zerotier-one.spec

@@ -121,6 +121,18 @@ case "$1" in
     chkconfig --add zerotier-one
   ;;
 esac
+if [ -x /usr/bin/checkmodule -a -x /usr/bin/semodule_package -a -x /usr/bin/semodule ]; then
+  rm -f /var/lib/zerotier-one/zerotier-one.mod
+  /usr/bin/checkmodule -M -m -o /var/lib/zerotier-one/zerotier-one.mod /var/lib/zerotier-one/zerotier-one.te
+  if [ -f /var/lib/zerotier-one/zerotier-one.pp ]; then
+    rm -f /var/lib/zerotier-one/zerotier-one.pp
+    /usr/bin/semodule_package -o /var/lib/zerotier-one/zerotier-one.pp -m /var/lib/zerotier-one/zerotier-one.mod
+    /usr/bin/semodule -u /var/lib/zerotier-one/zerotier-one.pp
+  else
+    /usr/bin/semodule_package -o /var/lib/zerotier-one/zerotier-one.pp -m /var/lib/zerotier-one/zerotier-one.mod
+    /usr/bin/semodule -i /var/lib/zerotier-one/zerotier-one.pp
+  fi
+fi
 %endif
 
 %preun
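Review bot: None of the `checkmodule`, `semodule_package` or `semodule` calls in the added block is checked, so a failed compile still goes on to package and load whatever `.mod`/`.pp` is present. The choice between `-u` and `-i` also keys off a leftover `.pp` file rather than the loaded module state. Because the module version in the `.te` is fixed at 1.0, the `semodule -u` path probably will not replace an already installed copy on package upgrade; `semodule -i` installs or replaces, so one chained path is enough. The policy is also compiled at install time from source kept in the daemon's data directory; shipping a prebuilt `.pp` from the package would avoid loading policy from a directory the service writes to. The scriptlet starts above this hunk and `%preun` continues below it, so I cannot tell whether the module is ever removed on uninstall.

```spec
# … unchanged: chkconfig case block above …
if [ -x /usr/bin/checkmodule ] && [ -x /usr/bin/semodule_package ] && [ -x /usr/bin/semodule ]; then
  /usr/bin/checkmodule -M -m -o /var/lib/zerotier-one/zerotier-one.mod /var/lib/zerotier-one/zerotier-one.te && \
  /usr/bin/semodule_package -o /var/lib/zerotier-one/zerotier-one.pp -m /var/lib/zerotier-one/zerotier-one.mod && \
  /usr/bin/semodule -i /var/lib/zerotier-one/zerotier-one.pp
fi
```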