How do I create an initial policy for a new app?

Using polgengui, I get an error that the type is unknown (see below).

I compared the generated files to /usr/share/selinux/devel/example.*

I can see that I need to add the initial type myapp2_t;


... there are some other differences. For example:

Polgengui's myapp2.te:

corecmd_executable_file(pbrun_exec_t)


example.te:

domain_type(myapp_t)

domain_entry_file(myapp_t, myapp_exec_t)


Do these accomplish essentially the same thing?

Thanks,

Brian

+ . ./myapp2.sh

++ set -x

++ make -f /usr/share/selinux/devel/Makefile

Compiling targeted myapp2 module

/usr/bin/checkmodule:  loading policy configuration from tmp/myapp2.tmp

myapp2.te:22:ERROR 'unknown type myapp2_t' at token ';' on line 83532:

allow myapp2_t myapp2_rw_t:file { create getattr setattr read write append rename link unlink ioctl lock };

/usr/bin/checkmodule:  error(s) encountered while parsing configuration

make: *** [tmp/myapp2.mod] Error 1

++ /usr/sbin/semodule -i myapp2.pp

libsepol.check_assertion_helper: assertion on line 0 violated by allow myapp2_t system_chkpwd_t:process { transition };

libsepol.check_assertion_helper: assertion on line 0 violated by allow myapp2_t updpwd_t:process { transition };

libsepol.check_assertion_helper: assertion on line 0 violated by allow system_chkpwd_t myapp2_t:process { sigchld };

libsepol.check_assertion_helper: assertion on line 0 violated by allow updpwd_t myapp2_t:process { sigchld };

libsepol.check_assertions: 4 assertion violations occured

libsemanage.semanage_expand_sandbox: Expand module failed

/usr/sbin/semodule:  Failed!

++ /sbin/restorecon -F -R -v /usr/local/bin/myapp2

/sbin/restorecon reset /usr/local/bin/myapp2 context system_u:object_r:bin_t:s0->system_u:object_r:bin_t:s0

++ /sbin/restorecon -F -R -v /etc/pb.settings

/sbin/restorecon reset /etc/pb.settings context system_u:object_r:etc_t:s0->system_u:object_r:etc_t:s0

++ /usr/sbin/semanage port -a -t myapp2_port_t -p tcp 23000

libsepol.context_from_record: type myapp2_port_t is not defined

libsepol.context_from_record: could not create context structure

libsepol.port_from_record: could not create port structure for range 23000:23000 (tcp)

libsepol.sepol_port_modify: could not load port range 23000 - 23000 (tcp)

libsemanage.dbase_policydb_modify: could not modify record value

libsemanage.semanage_base_merge_components: could not merge local modifications into policy

/usr/sbin/semanage: Could not add port tcp/23000

++ echo -ne '\033]0;root@localhost:~'

[root@localhost ~]#


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
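Two separate problems show up in the log above: checkmodule rejects rules that reference myapp2_t because no `type myapp2_t;` statement declares it, and `corecmd_executable_file()` only marks a type as an executable file, whereas `domain_type()` plus `domain_entry_file()` is what makes myapp2_t a domain with an entrypoint, so the two fragments are not equivalent. The following is an added example, not code from the list post or from polgengui: a small Python lint that reports types referenced in a .te file but never declared or required, run over a constructed broken module and its corrected form (the type names and interface calls are assumed for illustration).

```python
import re
# Constructed sample modelled on the polgengui output in the post: allow rules
# and interface calls reference myapp2_t and myapp2_port_t, but no `type`
# statement declares them (checkmodule's "unknown type myapp2_t" error).
BROKEN_TE = """\
policy_module(myapp2, 1.0.0)
type myapp2_exec_t;
type myapp2_rw_t;
files_type(myapp2_rw_t)
corecmd_executable_file(myapp2_exec_t)
allow myapp2_t myapp2_rw_t:file { create getattr read write };
allow myapp2_t myapp2_port_t:tcp_socket name_bind;
corenet_tcp_bind_generic_node(myapp2_t)
"""

# Constructed corrected module: declare every local type, make myapp2_t a
# domain with myapp2_exec_t as its entrypoint, and declare the port type.
FIXED_TE = """\
policy_module(myapp2, 1.0.0)
type myapp2_t;
type myapp2_exec_t;
domain_type(myapp2_t)
domain_entry_file(myapp2_t, myapp2_exec_t)
type myapp2_rw_t;
files_type(myapp2_rw_t)
type myapp2_port_t;
corenet_port(myapp2_port_t)
allow myapp2_t myapp2_rw_t:file { create getattr read write };
allow myapp2_t myapp2_port_t:tcp_socket name_bind;
corenet_tcp_bind_generic_node(myapp2_t)
"""

DECL_RE = re.compile(r"^\s*type\s+(\w+)")  # `type x_t;`, also inside gen_require()
AV_RE = re.compile(r"^\s*(?:allow|auditallow|dontaudit|neverallow)\s+(\w+)\s+(\w+)\s*:")
CALL_RE = re.compile(r"^\s*\w+\(([^)]*)\)")  # arguments of interface calls

def undeclared_types(te_source):
    """Return type names used in a .te file but never declared or required.
    Heuristic: names ending in _t are types; attributes, `self`, the module
    name and version do not end in _t and are ignored."""
    declared, used = set(), set()
    for line in te_source.splitlines():
        if m := DECL_RE.match(line):
            declared.add(m.group(1))
        elif m := AV_RE.match(line):
            used.update(m.groups())
        elif m := CALL_RE.match(line):
            used.update(a.strip() for a in m.group(1).split(","))
    return sorted(t for t in used if t.endswith("_t") and t not in declared)
```

Running `undeclared_types(BROKEN_TE)` lists both missing declarations, while the corrected module yields an empty list; types from other modules must appear in a `gen_require` block, which the lint also counts as declared.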
