On Thu, 2013-08-22 at 09:09 +0200, Dominick Grift wrote:
allow gogoc_t radvd_etc_t:file manage_file_perms;

If this file gets created by gogoc_t, then this probably needs a file type
transition rule as well, since the config file is located in /etc/, so
without a type transition rule the file would be created with type etc_t
instead of type radvd_etc_t.

Actually, now I see what you are trying to do:

/var/run/gogoc/gogoc-rtadvd.conf gen_context(system_u:object_r:radvd_etc_t,s0)

So the config file is in /var/run/gogoc/gogoc-rtadvd.conf instead of /etc.

Remove this fc spec and remove these rules:

gogoc_read_pid_files(radvd_t) # For radvd to read the generated config file
allow gogoc_t radvd_etc_t:file manage_file_perms; # Create config file for radvd
allow radvd_t gogoc_var_run_t:file rw_file_perms;

Instead, just allow radvd_t to manage gogoc_var_run_t files:

manage_files_pattern(radvd_t, gogoc_var_run_t, gogoc_var_run_t)