Re: Please help getting a policy to compile with mta_send_mail()

Edward Kuns wrote:
I know I must be doing something wrong, but hours and hours of googling
have not turned up any help.  The following is in myclamav.te:

module myclamav 1.0;

require {
	type shell_exec_t;
	type sendmail_exec_t;
	type bin_t;
	type clamd_t;
	class dir search;
	class file { execute getattr };
}

mta_send_mail(clamd_t);

#============= clamd_t ==============
allow clamd_t bin_t:dir search;
allow clamd_t sendmail_exec_t:file { execute getattr };
allow clamd_t shell_exec_t:file getattr;


As root, I run:

checkmodule -m myclamav.te
which if I understand things will compile the TE file into a PP file
which I can load.  However, it complains about a syntax error on the
mta_send_mail line.  I've tried a lot of variations, but I cannot make
this file compile.

Looking for examples, I look in /etc/selinux/targeted/src, but the "src"
directory does not exist.  I believe I have all RPMs installed that I
need:

# rpm -qa 'selinux*' 'setroubleshoot*' 'setools*'
selinux-policy-targeted-3.0.8-87.fc8
setools-console-3.3.1-7.fc8
selinux-policy-devel-3.0.8-87.fc8
selinux-doc-1.26-1.1
selinux-policy-3.0.8-87.fc8
setroubleshoot-server-2.0.5-2.fc8
setroubleshoot-2.0.5-2.fc8
setroubleshoot-plugins-2.0.4-3.fc8
setools-3.3.1-7.fc8
setools-libs-tcl-3.3.1-7.fc8
setools-libs-3.3.1-7.fc8
setools-gui-3.3.1-7.fc8

I know I must be missing something obvious, but I am out of clues.

You need to install the selinux-policy SRPM and "prep" it to read through the main policy source.

See http://www.city-fan.org/tips/BuildSeLinuxPolicyModules (section "Examining Policy Sources").

Paul.
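
An added example, not part of either message above: checkmodule does no m4 expansion, so a module that calls a reference-policy interface such as mta_send_mail() has to be built through the Makefile shipped in selinux-policy-devel. The script assumes that Makefile's path, uses a constructed rewrite of the module with policy_module(), and its helper function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: selinux-policy-devel
# installs its module build Makefile at the path below.
DEVEL_MAKEFILE=/usr/share/selinux/devel/Makefile

# Constructed sample: the poster's module rewritten for the m4-based build.
# policy_module() replaces "module myclamav 1.0;" and requires the kernel
# object classes, so only the types are listed in the require block.
write_sample_te() {
    cat > "$1" <<'EOF'
policy_module(myclamav, 1.0)

require {
	type shell_exec_t;
	type sendmail_exec_t;
	type bin_t;
	type clamd_t;
}

mta_send_mail(clamd_t)

allow clamd_t bin_t:dir search;
allow clamd_t sendmail_exec_t:file { execute getattr };
allow clamd_t shell_exec_t:file getattr;
EOF
}

# True when the .te file contains macro-style calls such as name(args),
# which checkmodule cannot parse because it does no m4 expansion.
uses_interfaces() {
    grep -Eq '^[[:space:]]*[a-z_][a-z0-9_]*\(' "$1"
}

# Print the build command appropriate for the given .te file.
build_cmd() {
    name=$(basename "$1" .te)
    if uses_interfaces "$1"; then
        echo "make -f $DEVEL_MAKEFILE $name.pp"
    else
        echo "checkmodule -M -m -o $name.mod $name.te && semodule_package -o $name.pp -m $name.mod"
    fi
}

# Build in the module's directory; load afterwards with: semodule -i NAME.pp
build_module() {
    cmd=$(build_cmd "$1") || return 1
    ( cd "$(dirname "$1")" && sh -c "$cmd" )
}

if [ "$#" -gt 0 ]; then build_module "$1"; fi
```

Run it with the path to the .te file as its only argument; with no argument it only defines the functions.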
