Hello,
I'm trying to write a module for my custom service that will execute as a separate user. However, I'm having problems creating an SELinux user in the module. When I call make, I get a syntax error. Below is a simple module that reproduces the problem.
Everything compiles when I comment out the 'allow' line. I can install the module and see my user in semanage. Everything also compiles when I comment out the 'gen_user' line. It only fails when there is something after the 'gen_user'.
Can someone tell me the proper syntax for creating a user in a module?
******** BEGIN MODULE ********
module mytest 1.0;
require {
sensitivity s0;
class file { read };
}
type mytest_t;
role mytest_r types { mytest_t };
gen_user( mytest_u, user, mytest_r, s0, s0 )
allow mytest_t self:file read;
******** END MODULE ********
Thanks,
Andrew Ruch
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
