Need to rebuild an old module with outdated syntax

Miroslav Grepl mgrepl at redhat.com
Mon Jan 5 09:29:42 UTC 2015


On 01/05/2015 01:55 AM, Robert Nichols wrote:
> Would someone please help me translate this module into something that
> will build on a current system (CentOS 6, checkpolicy-2.0.22-1.el6):
>
> policy_module(procmail_uncon, 1.0.18)
>
> =============== cut ===================
> gen_require(`
>     type unconfined_t;
>     type unconfined_exec_t;
>     type procmail_t;
>     role system_r;
> ')
>
> type my_uncon_exec_t;
> files_type(my_uncon_exec_t)
>
> allow procmail_t unconfined_t : process { transition sigchld };
> domain_auto_trans(procmail_t, my_uncon_exec_t, unconfined_t)
> role system_r types unconfined_t;

You say you are not able to build the above policy module on CentOS 6?
> =============== cut ===================
>
> After many hours of Google searches, this is as close as I've been
> able to come:
> =============== cut ===================
> module procmail_uncon 1.1.0;
>
> require {
>     type unconfined_t;
>     type unconfined_exec_t;
>     type procmail_t;
>     role system_r;
> }
>
> type my_uncon_exec_t;
>
> allow procmail_t unconfined_t : process { transition siginh };
> role system_r types unconfined_t;
> =============== cut ===================
>
> I get an "unknown class process used in rule" from checkmodule.
>
> Looks like I'll be running my mail server with SELinux disabled for
> a while.  I've already spent more time on this than it would take me
> to recover from a break-in.
>
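
Added example, not part of the original messages: a raw module has to list every object class and permission its rules use inside its require block, which is what the "unknown class process used in rule" message quoted above reports. The sketch below checks a module source for that gap; the function names are hypothetical and the input is the second module from the post with blank lines removed.

```python
import re

# Constructed input: the second module quoted in the post above.
MODULE = """\
module procmail_uncon 1.1.0;
require {
    type unconfined_t;
    type unconfined_exec_t;
    type procmail_t;
    role system_r;
}
type my_uncon_exec_t;
allow procmail_t unconfined_t : process { transition siginh };
role system_r types unconfined_t;
"""

# Simple AV rules only: one class per rule, no '*' or '~' permission sets.
AV_RULE = re.compile(r"^\s*(?:allow|dontaudit|auditallow|neverallow)\s+"
                     r"[^:;]+:\s*(\w+)\s+(\{[^}]*\}|\w+)\s*;", re.M)
CLASS_DECL = re.compile(r"\bclass\s+(\w+)\s+(\{[^}]*\}|\w+)\s*;")

def perms(text):
    """Turn '{ a b }' or 'a' into a set of permission names."""
    return set(text.strip("{} \t\n").split())

def require_body(policy):
    """Return the text inside each require { ... } block, braces matched."""
    parts = []
    for m in re.finditer(r"\brequire\s*\{", policy):
        depth, i = 1, m.end()
        while i < len(policy) and depth:
            depth += {"{": 1, "}": -1}.get(policy[i], 0)
            i += 1
        parts.append(policy[m.end():i - 1])
    return "\n".join(parts)

def missing_requires(policy):
    """Map class -> permissions used in rules but absent from require."""
    policy = re.sub(r"#.*", "", policy)  # drop comments
    declared = {}
    for cls, p in CLASS_DECL.findall(require_body(policy)):
        declared.setdefault(cls, set()).update(perms(p))
    missing = {}
    for cls, p in AV_RULE.findall(policy):
        lack = perms(p) - declared.get(cls, set())
        if lack:
            missing.setdefault(cls, set()).update(lack)
    return missing
```

Calling missing_requires(MODULE) returns the class and permissions that would need a `class process { ... };` line in the require block.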


