On 01/05/2015 01:55 AM, Robert Nichols wrote:
Would someone please help me translate this module into something that will build on a current system (CentOS 6, checkpolicy-2.0.22-1.el6):

policy_module(procmail_uncon, 1.0.18)
=============== cut ===================
gen_require(`
	type unconfined_t;
	type unconfined_exec_t;
	type procmail_t;
	role system_r;
')

type my_uncon_exec_t;
files_type(my_uncon_exec_t)

allow procmail_t unconfined_t : process { transition sigchld };
domain_auto_trans(procmail_t, my_uncon_exec_t, unconfined_t)

role system_r types unconfined_t;

You say you are not able to build the above policy module on CentOS 6?

=============== cut ===================

After many hours of Google searches, this is as close as I've been able to come:

=============== cut ===================
module procmail_uncon 1.1.0;

require {
	type unconfined_t;
	type unconfined_exec_t;
	type procmail_t;
	role system_r;
}

type my_uncon_exec_t;

allow procmail_t unconfined_t : process { transition siginh };

role system_r types unconfined_t;
=============== cut ===================

I get an "unknown class process used in rule" from checkmodule. Looks like I'll be running my mail server with SELinux disabled for a while. I've already spent more time on this than it would take me to recover from a break-in.
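
In a non-base module, checkmodule resolves an object class and its permissions only if the require block declares them, which is what the "unknown class process used in rule" error points at. The following is an added example, not part of the thread: a small checker (hypothetical helper names, simplified regex parsing that handles plain names and brace sets only) that reports classes and permissions used in rules but missing from require, run on the posted module and on the same module with `class process { transition siginh };` added.

```python
import re

# Module text as posted in the message above, embedded as sample input.
POSTED_MODULE = """\
module procmail_uncon 1.1.0;
require {
    type unconfined_t;
    type unconfined_exec_t;
    type procmail_t;
    role system_r;
}
type my_uncon_exec_t;
allow procmail_t unconfined_t : process { transition siginh };
role system_r types unconfined_t;
"""

# Same module with the class and its permissions declared in require.
FIXED_MODULE = POSTED_MODULE.replace(
    "    role system_r;\n}",
    "    role system_r;\n    class process { transition siginh };\n}")

# Simplified grammar (assumption): plain names or { brace sets }; no "*" or "~".
SET = r"(\{[^}]*\}|\w+)"
CLASS_DECL = re.compile(r"\bclass\s+(\w+)\s+" + SET + r"\s*;")
AV_RULE = re.compile(
    r"^\s*(?:allow|dontaudit|auditallow)\s+[^:;]+:\s*" + SET + r"\s+" + SET + r"\s*;",
    re.M)

def _names(token):
    return set(token.strip("{} \t\n").split())

def missing_declarations(policy):
    """Return sorted (class, perm) pairs used in access-vector rules but not
    declared in require; perm is None when the class itself is undeclared."""
    policy = re.sub(r"#.*", "", policy)          # drop comments
    declared = {}
    for cls, perms in CLASS_DECL.findall(policy):
        declared.setdefault(cls, set()).update(_names(perms))
    missing = set()
    for classes, perms in AV_RULE.findall(policy):
        for cls in _names(classes):
            if cls not in declared:
                missing.add((cls, None))
            else:
                missing.update((cls, p) for p in _names(perms) - declared[cls])
    return sorted(missing, key=lambda m: (m[0], m[1] or ""))

if __name__ == "__main__":
    print("posted:", missing_declarations(POSTED_MODULE))
    print("fixed: ", missing_declarations(FIXED_MODULE))
```

The added declaration only addresses the reported checkmodule error; the `files_type` and `domain_auto_trans` macros from the original module are not expanded here.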