On 14/06/2016, 10:38 PM, "Simon Sekidde" <ssekidde(a)redhat.com> wrote:
----- Original Message -----
> From: "Douglas Brown" <doug.brown(a)qut.edu.au>
> To: "SELinux Fedora List" <selinux(a)lists.fedoraproject.org>
> Sent: Monday, June 13, 2016 8:52:40 PM
> Subject: RHEL 7 shutdown_run interface
>
> Hi all,
>
> In the process of porting policies from RHEL 6 to 7, I’m having an issue with
> the shutdown_run interface.
>
> The trivial te file below compiles and loads fine on RHEL 6.7:
>
> policy_module(test, 0.1)
>
> require {
> role staff_r;
> type staff_t;
> }
>
> shutdown_run(staff_t, staff_r)
>
> However, there appears to be a bug in RHEL 7.2, because loading with semodule
> gives the error: "libsepol.print_missing_requirements: test's global
> requirements were not met: role shutdown_roles (No such file or directory)"
>
I believe you also need shutdown_role(staff_r,staff_t) for this to compile
Thanks Simon, you’re right, shutdown_role is the right way to go, but it produced the same
error when trying to load.
Cheers,
Doug