Dipping into the policy waters

Alan Batie alan at batie.org
Wed Feb 29 01:39:03 UTC 2012


I'm trying a simple "first policy" with Eclipse and SLIDE, and getting
an error I don't understand.  I'm hoping someone can point me in the
right direction:

Creating policy.xml
/usr/share/selinux/devel/include/support/segenxml.py: warning: unable to
find XML for interface peak_read_files()
/usr/share/selinux/devel/include/support/segenxml.py: warning: unable to
find XML for interface peak_read_config_files()
/usr/share/selinux/devel/include/support/segenxml.py: warning: orphan
XML comments at bottom of file ./peak_files.te
doc/policy.xml:65535: element module: validity error : Element module
content does not follow the DTD, expecting (summary , desc? , required?
, (interface | template)* , (bool | tunable)*), got (summary param
interface interface )
Document doc/policy.xml does not validate against
/usr/share/selinux/devel/include/support/policy.dtd
make: *** [doc/policy.xml] Error 3
Compiling targeted  peak_files module

I'm guessing that means I haven't defined the interfaces somewhere I
ought to, but I have them in the Interfaces (.if) tab:

############################################################
## <summary>
##	Access to reading peak files
## </summary>
## <param name="domain">
##	<summary>
##		Source domain to give access to
##	</summary>
## </param>
#
interface(`peak_read_files',`
    gen_require(`
        type peak_t;
    ')

    allow $1 peak_t:dir list_dir_perms;
    read_files_pattern($1,peak_t,peak_t)
')

############################################################
## <summary>
##	Access to reading peak config files
## </summary>
## <param name="domain">
##	<summary>
##		Source domain to give access to
##	</summary>
## </param>
#
interface(`peak_read_config_files',`
    gen_require(`
        type peak_config_t;
    ')

    allow $1 peak_config_t:dir list_dir_perms;
    read_files_pattern($1,peak_config_t,peak_config_t)
')


The .te file is simple enough:

policy_module(peak_files,1.0.0)

############################################################
## <summary>
##	Peak local configuration files and scripts
## </summary>

# domain for peak files
type peak_t;
# domain for peak configuration files
type peak_config_t;
# domain for peak scripts to run in
type peak_exec_t;

files_type(peak_t)
files_type(peak_config_t)

# peak things can read peak config files
read_files_pattern(peak_t,peak_config_t,peak_config_t)


For completeness, the .fc file:

/peak(/.*)?	gen_context(system_u:object_r:peak_t,s0))
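
A way to read the validity error quoted above, as an added example that is not part of the original message and is not code from segenxml.py or xmllint. The content model and the "got" sequence are copied from the error text; the function names are hypothetical. It reports the first child of the module element that the model does not allow at its position.

```python
import re

# Content model for <module>, copied from the validity error quoted in the post:
# (summary , desc? , required? , (interface | template)* , (bool | tunable)*)
# Each entry: (element names, minimum count, maximum count or None for unbounded).
MODULE_MODEL = [
    ({"summary"}, 1, 1),
    ({"desc"}, 0, 1),
    ({"required"}, 0, 1),
    ({"interface", "template"}, 0, None),
    ({"bool", "tunable"}, 0, None),
]

def expected_at(group, count):
    """Names the model accepts next, after `count` matches in MODULE_MODEL[group]."""
    allowed = set()
    for j in range(group, len(MODULE_MODEL)):
        names, lo, hi = MODULE_MODEL[j]
        used = count if j == group else 0
        if hi is None or used < hi:
            allowed |= names
        if used < lo:
            break  # a mandatory group is unfilled, so later groups cannot start
    return allowed

def first_violation(children):
    """Return None if the sequence is valid, else (index, name, allowed names)."""
    group, count = 0, 0
    for idx, name in enumerate(children):
        allowed = expected_at(group, count)
        if name not in allowed:
            return idx, name, sorted(allowed)
        while True:  # move forward to the group that consumes this element
            names, _, hi = MODULE_MODEL[group]
            if name in names and (hi is None or count < hi):
                break
            group, count = group + 1, 0
        count += 1
    if any(lo > (count if j == group else 0)
           for j, (_, lo, _) in enumerate(MODULE_MODEL) if j >= group):
        return len(children), None, sorted(expected_at(group, count))
    return None

def children_from_error(message):
    """Extract the child list from the 'got ( ... )' part of the error."""
    return re.search(r"got \(([^)]*)\)", message).group(1).split()

# Error text from the post, with the mail client's line wrapping joined.
ERROR = ("element module: validity error : Element module content does not "
         "follow the DTD, expecting (summary , desc? , required? , (interface | "
         "template)* , (bool | tunable)*), got (summary param interface interface )")

if __name__ == "__main__":
    print(first_violation(children_from_error(ERROR)))
```

For the sequence in the post, the first rejected element is the `param` at index 1, which sits directly under the module element instead of inside an interface.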
