<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 02/29/2012 01:39 AM, Alan Batie wrote:
<blockquote cite="mid:4F4D81B7.7050009@batie.org" type="cite">
<pre wrap="">I'm trying a simple "first policy" with Eclipse and SLIDE, and getting
an error I don't understand. I'm hoping someone can point me in the
right direction:
Creating policy.xml
/usr/share/selinux/devel/include/support/segenxml.py: warning: unable to
find XML for interface peak_read_files()
/usr/share/selinux/devel/include/support/segenxml.py: warning: unable to
find XML for interface peak_read_config_files()
/usr/share/selinux/devel/include/support/segenxml.py: warning: orphan
XML comments at bottom of file ./peak_files.te
doc/policy.xml:65535: element module: validity error : Element module
content does not follow the DTD, expecting (summary , desc? , required?
, (interface | template)* , (bool | tunable)*), got (summary param
interface interface )
Document doc/policy.xml does not validate against
/usr/share/selinux/devel/include/support/policy.dtd
make: *** [doc/policy.xml] Error 3
Compiling targeted peak_files module
I'm guessing that means I haven't defined the interfaces somewhere I
ought to, but I have them in the Interfaces (.if) tab:
############################################################
## <summary>
## Access to reading peak files
## </summary>
## <param name="domain">
## <summary>
## Source domain to give access to
## </summary>
## </param>
#
interface(`peak_read_files',`
gen_require(`
type peak_t;
')
allow $1 peak_t:dir list_dir_perms;
read_files_pattern($1,peak_t,peak_t)
')
############################################################
## <summary>
## Access to reading peak config files
## </summary>
## <param name="domain">
## <summary>
## Source domain to give access to
## </summary>
## </param>
#
interface(`peak_read_config_files',`
gen_require(`
type peak_config_t;
')
allow $1 peak_config_t:dir list_dir_perms;
read_files_pattern($1,peak_config_t,peak_config_t)
')
The .te file is simple enough:
policy_module(peak_files,1.0.0)
############################################################
## <summary>
## Peak local configuration files and scripts
## </summary>
# domain for peak files
type peak_t;
# domain for peak configuration files
type peak_config_t;
# domain for peak scripts to run in
type peak_exec_t;
files_type(peak_t)
files_type(peak_config_t)
# peak things can read peak config files
read_files_pattern(peak_t,peak_config_t,peak_config_t)
For completeness, the .fc file:
/peak(/.*)? gen_context(system_u:object_r:peak_t,s0))
</pre>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
--
selinux mailing list
<a class="moz-txt-link-abbreviated" href="mailto:selinux@lists.fedoraproject.org">selinux@lists.fedoraproject.org</a>
<a class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/mailman/listinfo/selinux">https://admin.fedoraproject.org/mailman/listinfo/selinux</a></pre>
</blockquote>
What OS?<br>
</body>
</html>