On Fri, 2006-10-13 at 20:31 +0100, Robin Bowes wrote:
Stephen Smalley wrote:
> On Fri, 2006-10-13 at 19:51 +0100, Robin Bowes wrote:
>> allow xm_t fixed_disk_device_t:blk_file read;
> From the above, you are still directly allowing read access to a fixed
> disk device rather than using the storage_raw_read_fixed_disk()
> interface. IOW, replace your 'allow xm_t fixed_disk_device_t:blk_file
> read;' statement with:
Ah, right. That was what I was missing.
I removed that line and ran the make and got these errors:
I found I had to add all the missing classes and permissions.
Or, alternatively, replace:
module local 1.0;
with the standard module prologue:
This brings in the class/permission requires automatically.
This version of xen.te builds and installs cleanly:
So, how do I find out more about this? How would I know that
like storage_raw_read_fixed_disk(xm_t) exist, and what they mean?
Interface documentation is
/usr/share/selinux/devel/policyhelp is a trivial one-line script to
launch a browser on it.
Also available at:
An IDE is under development. Available from:
National Security Agency