Re: Containing vmware player 2.0.0 with SELINUX

Louis Lam wrote:
> My mistake, apologies for the confusion; under part 2, I was trying to do domain_auto_trans instead of domain_entry_file, so...
> 
> 2. Created a domain transition so that the vmware user programs e.g.
> /usr/lib/vmplayer script, /usr/lib/vmware/bin/vmplayer that are
> labelled system_u:object_r:vmware_exec_t will transit to
> system_u:object_r:vmware_t when executed. I put it also in vmware.te:
> 
> domain_auto_trans($1_t, vmware_exec_t, $1_vmware_t)
> 
> but on making the vmware.pp module I get this warning and error:
> 
> 'syntax error' at token '1' on line 81143:
> #line 13
>     allow $1_t vmware_exec_t: file {getattr read execute};

This rule is generated by domain_auto_trans, so I think the
syntax error should be caused by other rules.

You may check other rules in your policy.

> 
> Thanks in advance,
> Louis
> 
> 
> ----- Original Message ----
> From: Louis Lam <lshoujun@xxxxxxxxx>
> To: Daniel J Walsh <dwalsh@xxxxxxxxxx>
> Cc: fedora-selinux-list@xxxxxxxxxx
> Sent: Friday, July 27, 2007 5:05:05 AM
> Subject: Re: Containing vmware player 2.0.0 with SELINUX
> 
> Thanks Daniel for the information, hi everyone
> 
> I've tried to make the following changes:
> 
> 1. Defined the vmware_t type in vmware.te:
> type vmware_t;
> 
> I need to do this since I'm trying to let the vmware user program run under the vmware_t domain, but this is not defined. In terms of overall code compliance, is it correct to define it here, or should it be in vmware.if?

Type definition should be in vmware.te.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
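
The compiler error quoted in the message above shows a literal `$1_t` reaching the policy compiler. A check for that, as an added example that is not part of the original thread: it flags m4 positional parameters (`$1`, `$2`, ...) in refpolicy source that sit outside an `interface`, `template` or `define` body, the only places m4 substitutes them. The function name, the sample policy text and `example_vmware_template` are constructed for illustration.

```python
import re

# m4 macros whose quoted body is a definition, where $1, $2 ... get substituted.
DEFINERS = {"interface", "template", "define"}
TOKEN = re.compile(
    r"(?P<comment>#[^\n]*)|(?P<call>\w+)?[ \t]*(?P<open>\()|(?P<close>\))"
    r"|(?P<quote>[`'])|(?P<param>\$\d+)"
)

def unexpanded_params(source):
    """Return (line, parameter) for each $N found outside a definition body."""
    calls, quotes, hits = [], [], []
    for m in TOKEN.finditer(source):
        if m["comment"]:
            continue
        if m["open"]:
            calls.append(m["call"])          # macro name, or None for a bare "("
        elif m["close"]:
            if calls:
                calls.pop()
        elif m["quote"] == "`":
            # A quoted block is a definition body if it is an argument of a
            # definer macro or is nested inside such a body.
            inside = bool(quotes and quotes[-1]) or bool(calls and calls[-1] in DEFINERS)
            quotes.append(inside)
        elif m["quote"] == "'":
            if quotes:
                quotes.pop()
        elif m["param"] and not (quotes and quotes[-1]):
            hits.append((source.count("\n", 0, m.start()) + 1, m["param"]))
    return hits

# Constructed .te text containing the rule from the thread (line 6).
TE_SAMPLE = """\
policy_module(vmware, 1.0.0)

type vmware_t;
type vmware_exec_t;

domain_auto_trans($1_t, vmware_exec_t, $1_vmware_t)
"""

# Constructed .if text: the same rule inside a template body is not flagged.
IF_SAMPLE = """\
template(`example_vmware_template',`
	gen_require(`
		type vmware_exec_t;
	')
	domain_auto_trans($1_t, vmware_exec_t, $1_vmware_t)
')
"""

if __name__ == "__main__":
    for line, param in unexpanded_params(TE_SAMPLE):
        print(f"vmware.te:{line}: literal {param} outside a macro definition")
```
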
