Adding the role line doesn't seem to make a difference. I was under the impression that the role declaration statement could have associated types on the same line.
----- Original Message -----
From: Daniel J Walsh <dwalsh@xxxxxxxxxx>
To: Andy Ruch <adruch2002@xxxxxxxxx>
Cc: "selinux@xxxxxxxxxxxxxxxxxxxxxxx" <selinux@xxxxxxxxxxxxxxxxxxxxxxx>
Sent: Wednesday, November 14, 2012 11:53 AM
Subject: Re: Problem creating user in loadable module
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/14/2012 01:25 PM, Andy Ruch wrote:
> Hello,
>
> I'm trying to write a module for my custom service that will execute as a
> separate user. However, I'm having problems creating an SELinux user in the
> module. When I call make, I get a syntax error. Below is a simple module
> that reproduces the problem.
>
> Everything compiles when I comment out the 'allow' line. I can install the
> module and see my user in semanage. Everything also compiles when I comment
> out the 'gen_user' line. It only fails when there is something after the
> 'gen_user'.
>
> Can someone tell me the proper syntax for creating a user in a module?
>
>
> ******** BEGIN MODULE ********
>
> module mytest 1.0;
>
> require { sensitivity s0; class file { read }; }
>
> type mytest_t;
>
role mytest_r;
> role mytest_r types { mytest_t }; gen_user( mytest_u, user, mytest_r, s0,
> s0 )
>
> allow mytest_t self:file read;
>
> ******** END MODULE ********
>
>
> Thanks, Andrew Ruch -- selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iEYEARECAAYFAlCj6KMACgkQrlYvE4MpobMmzwCfakY7UTGIZHWVSuWI6Z6GdCFY
imYAn2EIjYKY3CaCxSgWfdjViS2sebDM
=5gwJ
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
