local.te (was Re: avc: denied { ioctl }?)
Hongwei Li
hongwei at wustl.edu
Thu Jun 9 13:25:09 UTC 2005
> On Wed, 08 Jun 2005 09:28:20 CDT, Hongwei Li said:
>
>> but no local.te. I don't see it under domain/program/ either. Then, what
>> file should I run the above command to?
>
> You don't have a domain/program/local.te yet because you haven't done any
> local changes to ruleset yet. Go ahead and create it if you decide to
> 'dontaudit' that one avc.
I created a file local.te under /etc/selinux/targeted/src/policy/domains/program/
and ran:
# echo "dontaudit httpd_sys_script_t proc_t:file ioctl;" >> local.te
Now, this file has one line:
dontaudit httpd_sys_script_t proc_t:file ioctl;
Then, when I ran "make load", I got:
# make load
mkdir -p tmp
( cd domains/program/ ; for n in *.te ; do echo "define(\`$n')"; done ) > tmp/program_used_flags.te.tmp
( cd domains/misc/ ; for n in *.te ; do echo "define(\`$n')"; done ) >> tmp/program_used_flags.te.tmp
mv tmp/program_used_flags.te.tmp tmp/program_used_flags.te
make: *** No rule to make target `file_contexts/program/local.fc', needed by `file_contexts/file_contexts'. Stop.
What should I put in file_contexts/program/local.fc?
Thanks!
Hongwei