eggdrop policy module
Luciano Furtado
lrfurtado at yahoo.com.br
Mon Mar 28 00:32:27 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi guys,
I started creating my policy module for the eggdrop irc bot. I am
getting stuck on simple task. I want to add a transition from
unconfined_t to eggdrop_t when I run a eggdrop_exec_t file.
This is what I have:
policy_module(eggdrop, 1.0.0)
########################################
## Declarations#gen_require(`
type unconfined_t;
')
type eggdrop_t;
type eggdrop_exec_t;
application_executable_file(eggdrop_exec_t)
type eggdrop_conf_t;
files_config_file(eggdrop_conf_t)
corenet_tcp_connect_ircd_port(eggdrop_t)
corenet_tcp_sendrecv_ircd_port(eggdrop_t)
domain_auto_trans(unconfined_t,eggdrop_exec_t,eggdrop_t)
This is what I get when I try to load this policy module:
lrfurtado:~/selinux/eggdrop# make load
Loading default modules: eggdrop
/usr/sbin/semodule -i eggdrop.pp
libsepol.check_assertion_helper: neverallow violated by allow
unconfined_t eggdrop_t:process { transition };
libsemanage.semanage_expand_sandbox: Expand module failed
/usr/sbin/semodule: Failed!
make: *** [tmp/loaded] Error 1
lrfurtado:~/selinux/eggdrop#
What's the proper way of accomplishing this?
On 11-03-25 15:24, Dominick Grift wrote:
> On 03/25/2011 08:16 PM, Luciano Furtado wrote:
>> Thanks Dominick,
>
>> I will use this as an exercise on how to create a new policy module. I
>> hope you guys can tolerate my newbie questions for a while.
>
> I created some screen casts and put them on youtube that show some of this:
>
> Write a policy module part 1 to 4 (on fedora):
>
> part 1: http://www.youtube.com/watch?v=s4EyoW_7riQ
> part 2: http://www.youtube.com/watch?v=G5gUt1-ttGg
> part 3: http://www.youtube.com/watch?v=nbFnchVAgYs
> part 4: http://www.youtube.com/watch?v=rUGBgzTr92A
>
> Some other examples:
>
> part 1: http://www.youtube.com/watch?v=sBI50O84NLo
> part 2: http://www.youtube.com/watch?v=ATTJ5xUKH1E
> part 3: http://www.youtube.com/watch?v=e3cQNi3bi70
>
> may or may not be helpful.
>
>> Best Regards.
>> Luciano
>
>
>> On 11-03-25 14:29, Dominick Grift wrote:
>>> On 03/25/2011 07:09 PM, Luciano Furtado wrote:
>>>> Hi Group,
>
>>>> Does eggdrop has a selinux policy module? if so starting on which fedora
>>>> version?
>
>
>>> The only reference that i could find to it was:
>
>>> "You can find a copy of my irssi policy here
>>> http://pastebin.ca/768256?srch=irssi_exec_t it also includes policy for
>>> eggdrop and manual pages"
>
>>> - From my 2008 article
>>> "http://domg472.blogspot.com/2008/05/how-to-create-integrate-and-rebuild.html"
>
>>> Unfortunately seems "pastebin.ca" no longer exists. I can no longer
>>> access the site.
>
>
>>>> I am looking to get the sources for it , build / install it on my Debian
>>>> installation which doesn't seem to have a module for it.
>
>
>>>> Best Regards.
>>>> Luciano
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJNj9cbAAoJEEJ82UW2OvvtjGoIAJApWfypxF3izFRPnRlf2Y2y
jQ6ravueHtLxUb0Ml2tIV7EJXstpMF9ALTDSkWhjWwbzQpZ15mitEweFL2OFopZ7
WwvXA9OoPupjzp/9EpAcmoP+PHDQC5YOr+vju6AKCf86DJDocivr9i4Ny11IatoM
SBa7+68VHHZ6kBYFx+iok/qe4cKOWG7Qa94TPjRQp/5dTKgAURCTKN42H7xeR78Y
L6FBeG9wOIElbtEcbbRdPAuEp4qpWaWPR6wfjkk6nigbw/NwiFB0rtTjHxPiTlvj
5WaftuYdFkmX+NnPtIstg36TVNCBVBYAJyIlLUYdjPwk3sQqHJLSDF12tEz6qOs=
=ZHmp
-----END PGP SIGNATURE-----
More information about the selinux
mailing list