On Fri, 2006-04-21 at 11:02 +0100, Paul Howarth wrote:
> Paul Howarth wrote:
> module procmail 0.1;
>
> require {
[cut]
>     class dir { add_name getattr read remove_name search write };
>     class file { append create execute execute_no_trans getattr ioctl lock read rename unlink write };
>     class lnk_file read;
>     class process { noatsecure sigchld siginh transition rlimitinh };
>     class fd { use };
>     class fifo_file { getattr read write append ioctl lock };
[cut]
> This does seem to work but surely there's a tidier way of handling those
> class requirements? What am I missing?

You want to use the "policy_module(procmail,0.1)" macro instead of the
module statement at the top. It adds all of the kernel object classes,
so you don't have to write them all out.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
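
The layout the reply describes, as an added example that is not part of the original thread or Paul Howarth's module: a `.te` file that opens with `policy_module()` and therefore needs no `class` lines in a `require` block. The type `procmail_local_data_t` and both allow rules are hypothetical, `procmail_t` is assumed to be provided by the installed policy, and the build commands in the comments assume the policy development Makefile is installed at `/usr/share/selinux/devel/Makefile`.

```te
# procmail.te (constructed example; types and rules are assumptions)
#
# policy_module() is an m4 macro, so this file must be built through the
# policy development Makefile rather than passed straight to checkmodule:
#   make -f /usr/share/selinux/devel/Makefile procmail.pp
#   semodule -i procmail.pp

policy_module(procmail, 0.1)

# The macro pulls in the kernel object classes and their permissions only.
# Types owned by other modules still have to be required explicitly.
gen_require(`
	type procmail_t;
')

# Hypothetical type declared by this module itself, so no require is needed.
type procmail_local_data_t;
files_type(procmail_local_data_t)

# The dir and file classes are usable here without any "class ..." lines.
# Grant only the permissions the denials actually show; execute and
# execute_no_trans are deliberately left out of this data type.
allow procmail_t procmail_local_data_t:dir { add_name getattr read remove_name search write };
allow procmail_t procmail_local_data_t:file { append create getattr ioctl lock read rename unlink write };
```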