-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/14/2012 01:25 PM, Andy Ruch wrote:
Hello,
I'm trying to write a module for my custom service that will execute as a
separate user. However, I'm having problems creating an SELinux user in the
module. When I call make, I get a syntax error. Below is a simple module
that reproduces the problem.
Everything compiles when I comment out the 'allow' line. I can install the
module and see my user in semanage. Everything also compiles when I comment
out the 'gen_user' line. It only fails when there is something after the
'gen_user'.
Can someone tell me the proper syntax for creating a user in a module?
******** BEGIN MODULE ********
module mytest 1.0;
require { sensitivity s0; class file { read }; }
type mytest_t;
role mytest_r;
role mytest_r types { mytest_t }; gen_user( mytest_u, user, mytest_r,
s0,
s0 )
allow mytest_t self:file read;
******** END MODULE ********
Thanks, Andrew Ruch -- selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla -
http://www.enigmail.net/
iEYEARECAAYFAlCj6KMACgkQrlYvE4MpobMmzwCfakY7UTGIZHWVSuWI6Z6GdCFY
imYAn2EIjYKY3CaCxSgWfdjViS2sebDM
=5gwJ
-----END PGP SIGNATURE-----