On Tuesday 09 November 2004 03:40, Tom London <selinux@xxxxxxxxx> wrote:
> Adding
> allow kudzu_t memory_device_t:chr_file { read write };
> produces
>
> /usr/bin/checkpolicy: loading policy configuration from policy.conf
> security: 5 users, 6 roles, 1323 types, 31 bools
> security: 53 classes, 313479 rules
> assertion on line 269956 violated by allow kudzu_t
> memory_device_t:chr_file { read write };

"head -269956 policy.conf |tail -1" gives the following:
neverallow { domain -privmem } memory_device_t:{ chr_file blk_file } { read write append };

The solution is to add the privmem attribute to the declaration of kudzu_t:
daemon_base_domain(kudzu, `, etc_writer, privmodule, sysctl_kernel_writer, fs_domain, privmem')

-- 
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
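Added example, not part of the original message and not checkpolicy's own code: a simplified Python model of how the neverallow assertion quoted above is evaluated against the allow rule, before and after kudzu_t gains the privmem attribute. The attribute map, the type example_priv_t and all function names are assumptions made for illustration.

```python
import re

# Constructed attribute map (assumption): example_priv_t is a hypothetical
# domain that already carries privmem; kudzu_t does not yet.
ATTRS = {"domain": {"kudzu_t", "example_priv_t"}, "privmem": {"example_priv_t"}}

ALLOW = "allow kudzu_t memory_device_t:chr_file { read write };"
NEVERALLOW = ("neverallow { domain -privmem } "
              "memory_device_t:{ chr_file blk_file } { read write append };")

FIELD = r"(\{[^}]*\}|[^\s:;]+)"
RULE = re.compile(rf"(allow|neverallow)\s+{FIELD}\s+{FIELD}\s*:\s*{FIELD}\s+{FIELD}\s*;")

def parse_rule(rule):
    """Return the four fields (source, target, class, perms) as token lists."""
    m = RULE.fullmatch(rule.strip())
    if m is None:
        raise ValueError(f"unsupported rule syntax: {rule!r}")
    return [field.strip("{} ").split() for field in m.groups()[1:]]

def expand(tokens, attrs):
    """Expand attributes to member types; '-name' subtracts from the set."""
    include, exclude = set(), set()
    for tok in tokens:
        name = tok.lstrip("-")
        (exclude if tok.startswith("-") else include).update(attrs.get(name, {name}))
    return include - exclude

def violations(allow, never, attrs):
    """Access vectors granted by `allow` that `never` forbids (simplified:
    no '*', '~' or 'self' handling)."""
    a, n = parse_rule(allow), parse_rule(never)
    src = expand(a[0], attrs) & expand(n[0], attrs)
    tgt = expand(a[1], attrs) & expand(n[1], attrs)
    cls, perms = set(a[2]) & set(n[2]), set(a[3]) & set(n[3])
    return sorted((s, t, c, p) for s in src for t in tgt for c in cls for p in perms)

def with_attribute(attrs, attribute, type_name):
    """Copy of attrs with type_name added to attribute (the fix from the reply)."""
    fixed = {k: set(v) for k, v in attrs.items()}
    fixed.setdefault(attribute, set()).add(type_name)
    return fixed

if __name__ == "__main__":
    print("before:", violations(ALLOW, NEVERALLOW, ATTRS))
    fixed = with_attribute(ATTRS, "privmem", "kudzu_t")
    print("after: ", violations(ALLOW, NEVERALLOW, fixed))
```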