Dipping into the policy waters
Alan Batie
alan at batie.org
Thu Mar 1 01:38:53 UTC 2012
OK, I got the base policy compiled and installed, and now trying to add
a policy that uses one of its interfaces:
-----
policy_module(bypass,1.0.0)
# bypass.validate process type
type bypass_t;
# bypass.validate executable file type
type bypass_exec_t;
# when bypass.validate is run from apache, transition to
# the bypass_t execution domain
apache_cgi_domain(bypass_t, bypass_exec_t)
# allow bypass.validate to run ifconfig,
can_exec(bypass_t, ifconfig_exec_t)
peak_read_config_files(bypass_t)
-----
The problem is I get a syntax error on the interface call
"peak_read_config_files" - it appears that it doesn't know it exists. I
did install it with "semodule -i peak_files.pp". I'm not sure what I
need to do to reference it...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6238 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20120229/20bde98b/attachment.p7s>
More information about the selinux
mailing list