netpython wrote:
Sry to bother you with my n00b questions.
I used lsof to get a better understanding on what files
are opened. The te files are now: run-mozilla.te and firefox-bin.te
However the checkpolicy tool complains about an error in
the policy made by the policygentool.
Keep questions on list for the benefit of others.
The immediate error is that you can't have a '-' in a module name. Just
out of curiosity, why aren't you just using the mozilla/firefox policies
in refpolicy? You should be able to build the module (make mozilla.pp)
and then insert it with semodule -i mozilla.pp
run-mozilla.te:
-------------------
policy_module(run-mozilla,1.0.0)
########################################
#
# Declarations
#
type run-mozilla_t;
type run-mozilla_exec_t;
domain_type(run-mozilla_t)
init_daemon_domain(run-mozilla_t, run-mozilla_exec_t)
########################################
#
# run-mozilla local policy
#
# Check in /etc/selinux/refpolicy/include for macros to use instead of allow rules.
# Some common macros (you might be able to remove some)
files_read_etc_files(run-mozilla_t)
libs_use_ld_so(run-mozilla_t)
libs_use_shared_libs(run-mozilla_t)
miscfiles_read_localization(run-mozilla_t)
## internal communication is often done using fifo and unix sockets.
allow run-mozilla_t self:fifo_file { read write };
allow run-mozilla_t self:unix_stream_socket create_stream_socket_perms;
# Init script handling
init_use_fds(run-mozilla_t)
init_use_script_ptys(run-mozilla_t)
domain_use_interactive_fds(run-mozilla_t)
------------------------------------------------------
firefox-bin.te:
policy_module(firefox-bin,1.0.0)
########################################
#
# Declarations
#
type firefox-bin_t;
type firefox-bin_exec_t;
domain_type(firefox-bin_t)
init_daemon_domain(firefox-bin_t, firefox-bin_exec_t)
########################################
#
# firefox-bin local policy
#
# Check in /etc/selinux/refpolicy/include for macros to use instead of allow rules.
# Some common macros (you might be able to remove some)
files_read_etc_files(firefox-bin_t)
libs_use_ld_so(firefox-bin_t)
libs_use_shared_libs(firefox-bin_t)
miscfiles_read_localization(firefox-bin_t)
## internal communication is often done using fifo and unix sockets.
allow firefox-bin_t self:fifo_file { read write };
allow firefox-bin_t self:unix_stream_socket create_stream_socket_perms;
# Init script handling
init_use_fds(firefox-bin_t)
init_use_script_ptys(firefox-bin_t)
domain_use_interactive_fds(firefox-bin_t)
------------------------------------------------------
Errors I get:
Compiling targeted firefox-bin module
/usr/bin/checkmodule: loading policy configuration from tmp/firefox-bin.tmp
firefox-bin.te:1:ERROR 'syntax error' at token 'firefox-bin' on line 57284:
module firefox-bin 1.0.0;
#line 1
/usr/bin/checkmodule: error(s) encountered while parsing configuration
make: *** [tmp/firefox-bin.mod] Error 1
In /usr/share/selinux/devel/include/apps there's a mozilla.if file.
What could I do with it? I searched in the docs and now know it's
an interface file, but other than that...
kind regards,
Peter
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
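
The hyphen problem named in the reply above, as an added example that is not part of the original thread: a Python pre-build check that reads the policy_module() line of a .te file, flags a '-' in the module name, and rewrites the name to an underscore form. The function names, the choice of '_' as the replacement, and renaming the derived type names (firefox-bin_t and so on) along with the module are assumptions of this example; the sample input is constructed from the firefox-bin.te quoted in the thread.

```python
import re

# policy_module(name, version) declaration at the top of a .te file.
POLICY_MODULE_RE = re.compile(
    r"^\s*policy_module\(\s*([^,\s)]+)\s*,\s*([^)\s]+)\s*\)", re.M)

# Constructed sample: shortened from the firefox-bin.te quoted in the thread.
SAMPLE_TE = """\
policy_module(firefox-bin,1.0.0)
type firefox-bin_t;
type firefox-bin_exec_t;
init_daemon_domain(firefox-bin_t, firefox-bin_exec_t)
allow firefox-bin_t self:fifo_file { read write };
"""

def find_module_name(te_text):
    """Return (name, version) from policy_module(), or None if absent."""
    m = POLICY_MODULE_RE.search(te_text)
    return (m.group(1), m.group(2)) if m else None

def lint_module_name(te_text):
    """Return a list of problems with the module name (empty list = OK)."""
    found = find_module_name(te_text)
    if found is None:
        return ["no policy_module() declaration found"]
    name = found[0]
    if "-" in name:
        return ["module name %r contains '-'; try %r"
                % (name, name.replace("-", "_"))]
    return []

def rename_module(te_text):
    """Rewrite a hyphenated module name and identifiers built on it."""
    found = find_module_name(te_text)
    if found is None or "-" not in found[0]:
        return te_text
    old = found[0]
    # Match the name only as a whole token or as the stem of name_suffix,
    # so longer words that merely contain it are left alone.
    pattern = re.compile(r"(?<![\w-])" + re.escape(old) + r"(?![A-Za-z0-9-])")
    return pattern.sub(old.replace("-", "_"), te_text)

if __name__ == "__main__":
    print("before:", lint_module_name(SAMPLE_TE))
    fixed = rename_module(SAMPLE_TE)
    print(fixed)
    print("after: ", lint_module_name(fixed) or "module name OK")
```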