OK, I got the base policy compiled and installed, and now trying to add a policy that uses one of its interfaces: ----- policy_module(bypass,1.0.0) # bypass.validate process type type bypass_t; # bypass.validate executable file type type bypass_exec_t; # when bypass.validate is run from apache, transition to # the bypass_t execution domain apache_cgi_domain(bypass_t, bypass_exec_t) # allow bypass.validate to run ifconfig, can_exec(bypass_t, ifconfig_exec_t) peak_read_config_files(bypass_t) ----- The problem is I get a syntax error on the interface call "peak_read_config_files" - it appears that it doesn't know it exists. I did install it with "semodule -i peak_files.pp". I'm not sure what I need to do to reference it...
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
