making a file context change work for initrc_t and unconfined_t
Dominick Grift
dominick.grift at gmail.com
Fri Feb 3 09:02:47 UTC 2012
On Thu, 2012-02-02 at 18:36 -0500, Maria Iano wrote:
> I just noticed that I missed some duplicates. Here is a slightly
> shorter list. Now I know I can attach them so I won't paste them in
> again.
>
Alright. I have cleaned up my policy patch as well. It was very late
last night when I did it (or early this morning). There were some dupes,
typos and other issues. Generally it was just a mess.
This is what your mylikewise.te file should look like: (except for the
line breaks, that is due to my e-mail client)
    policy_module(mylikewise, 1.0.0)

    optional_policy(`
        # Types and attribute declared by the likewise policy module
        gen_require(`
            attribute likewise_domains;
            type lwiod_t, netlogond_t, netlogond_var_socket_t, likewise_var_lib_t;
            type lsassd_t, lwsmd_t, netlogond_var_lib_t, likewise_krb5_ad_t, eventlogd_t;
        ')

        # lwiod connects to netlogond over its unix stream socket
        stream_connect_pattern(lwiod_t, likewise_var_lib_t, netlogond_var_socket_t, netlogond_t)

        # All likewise domains may read system state in /proc
        kernel_read_system_state(likewise_domains)
        # Do not audit lsassd searching the /proc state of other domains
        domain_dontaudit_search_all_domains_state(lsassd_t)

        # File access for the service manager and the event log daemon
        allow lwsmd_t likewise_var_lib_t:file write_file_perms;
        allow lwsmd_t { netlogond_var_lib_t likewise_krb5_ad_t }:file read_file_perms;
        allow eventlogd_t likewise_var_lib_t:file rw_file_perms;

        # Process and capability permissions
        allow lwsmd_t self:process setpgid;
        allow lwiod_t self:process setrlimit;
        allow lwiod_t self:capability sys_resource;
    ')
..
To build it:

    make -f /usr/share/selinux/devel/Makefile mylikewise.pp

To install it:

    sudo semodule -i mylikewise.pp