On Wed, 2008-03-05 at 22:38 -0600, Edward Kuns wrote:
> I know I must be doing something wrong, but hours and hours of googling
> have not turned up any help. The following is in myclamav.te:
>
> module myclamav 1.0;
>
> require {
> type shell_exec_t;
> type sendmail_exec_t;
> type bin_t;
> type clamd_t;
> class dir search;
> class file { execute getattr };
> }
>
> mta_send_mail(clamd_t);
>
> #============= clamd_t ==============
> allow clamd_t bin_t:dir search;
> allow clamd_t sendmail_exec_t:file { execute getattr };
> allow clamd_t shell_exec_t:file getattr;
>
>
> As root, I run:
>
> checkmodule -m myclamav.te
When building policy modules that use refpolicy interfaces, you need to
use the refpolicy build infrastructure. yum install
selinux-policy-devel and make -f /usr/share/selinux/devel/Makefile
myclamav.pp.
--
Stephen Smalley
National Security Agency
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
