Re: Dipping into the policy waters

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, 2012-02-29 at 13:54 +0000, Miroslav Grepl wrote:
> On 02/29/2012 01:39 AM, Alan Batie wrote: 
> > I'm trying a simple "first policy" with Eclipse and SLIDE, and getting
> > an error I don't understand.  I'm hoping someone can point me in the
> > right direction:
> > 
> > Creating policy.xml
> > /usr/share/selinux/devel/include/support/segenxml.py: warning: unable to
> > find XML for interface peak_read_files()
> > /usr/share/selinux/devel/include/support/segenxml.py: warning: unable to
> > find XML for interface peak_read_config_files()
> > /usr/share/selinux/devel/include/support/segenxml.py: warning: orphan
> > XML comments at bottom of file ./peak_files.te
> > doc/policy.xml:65535: element module: validity error : Element module
> > content does not follow the DTD, expecting (summary , desc? , required?
> > , (interface | template)* , (bool | tunable)*), got (summary param
> > interface interface )
> > Document doc/policy.xml does not validate against
> > /usr/share/selinux/devel/include/support/policy.dtd

It is complaining about your use of the XML headers.

Dont use them in type enforcement files:

############################################################
## <summary>
##      Peak local configuration files and scripts
## </summary>

Above is invalid i suspect

As for the errors in the interface files i am not sure but you need to
put a "##<summary></summary>" on the top of your interface file.

Make sure to use XML properly because troubleshooting errors in XML can
be very hard.

Look closely to other modules and how they use the XML. Just copy them
and change them to your requirements to avoid issues.

Also it is important that you stick to the style rules.
type peak_t is not a file type and if it is then it is named wrong.

If you want some interactive help with writing policy you can also come
join #fedora-selinux channel on irc://irc.freenode.net IRC network and
ping user grift.

I would be happy to give some guidance.

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux