[selinux-policy: 694/3172] update with change to how classes are handled in gen_require
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 20:04:54 UTC 2010
commit 1d85c7a7c6935373f51772a5b7d2eff769f7cc0c
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu Sep 22 21:56:50 2005 +0000
update with change to how classes are handled in gen_require
www/html/getting-started.html | 9 +++------
1 files changed, 3 insertions(+), 6 deletions(-)
---
diff --git a/www/html/getting-started.html b/www/html/getting-started.html
index e26f350..b840788 100644
--- a/www/html/getting-started.html
+++ b/www/html/getting-started.html
@@ -85,9 +85,6 @@ documentation. Create myapp.if and add the following:
interface(`myapp_domtrans',`
gen_requires(`
type myapp_t, myapp_exec_t;
- class fd use;
- class process sigchld;
- class fifo_file rw_file_perms;
')
domain_auto_trans($1,myapp_exec_t,myapp_t)
@@ -107,7 +104,6 @@ interface(`myapp_domtrans',`
interface(`myapp_read_log',`
gen_requires(`
type myapp_log_t;
- class file r_file_perms;
')
logging_search_logs($1)
@@ -123,6 +119,7 @@ transition to myapp_t, by executing a program labeled myapp_exec_t.
The second interface allows other domains to read myapp's log files. Myapp's
log files are in the /var/log directory, so the access to search the /var/log
directory is also given by the interface. The gen_requires() macro is used to
-support loadable policy modules, and must explicitly list the type, attributes,
-object classes, and permissions used by this interface.
+support loadable policy modules, and must explicitly list the type and attributes
+used by this interface. If object classes of a userland object manager are used,
+the class and the permissions used by the interface must also be listed.
</p>
More information about the scm-commits
mailing list