On 11/03/2011 08:30, Artur Szymczak wrote:
> Hi,
>
> How can the kernel distinguish objects in the system from objects in the
> policy? I mean, how does the kernel know that this allow rule is correct
> for /etc/passwd and not correct for /etc itself (as a dir):
> allow httpd_t etc_t : file { ioctl read getattr lock open } ;
>
> Ok, it is written in the policy that it is a file, but it is only an
> object class. Is it defined somewhere that object class 'file' is a file,
> and object class 'dir' is a directory?
>
> How can I create a new object class named foo, which will be used for
> named_pipe?
>
> Regards

Apologies if this goes through twice; I sent it from the wrong email address.

With regards to adding a new object class and permission, this link goes over how to add permissions, but you can use the same technique for adding an object class as well. [1]

[1] http://www.selinuxproject.org/page/Adding_New_Permissions