Re: "invalid security context" in custom policy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




----- Original Message -----
> From: "Tracy Reed" <treed@xxxxxxxxxxxxxxx>
> To: selinux@xxxxxxxxxxxxxxxxxxxxxxx
> Sent: Tuesday, April 28, 2015 6:48:05 PM
> Subject: Re: "invalid security context" in custom policy
> 
> On Tue, Apr 28, 2015 at 12:11:05PM PDT, Tracy Reed spake thusly:
> > libsepol.context_from_record: invalid security context:
> > "myapp_u:myapp_r:myapp_api_t:s0"
> 
> Solved: When declaring your own file contexts use object_r for the role
> instead
> of a user role in your .fc file.
> 
> Still having an issue with this one though:
> 
> > And while I'm posting I may as well ask: When I uncomment the
> > logging_log_file(mypp_logs_t) type attribute above I get this error:
> > 
> > Compiling targeted myapp module
> > /usr/bin/checkmodule:  loading policy configuration from tmp/myapp.tmp
> > myapp.te":42:ERROR 'unknown class filesystem used in rule' at token ';' on
> > line 1301:
> >     allow myapp_logs_t tmp_t:filesystem associate;
> > #line 42
> >     /usr/bin/checkmodule:  error(s) encountered while parsing configuration
> >     make: *** [tmp/myapp.mod] Error 1
> > 

Probably need something like 

 class filesystem { associate };

inside the require { } along with this statement 

 allow myapp_tmp_t myapp_logs_t: filesystem associate;

> > 
> > All tips are greatly appreciated!
> > 
> > --
> > Tracy Reed
> 
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux

-- 
Simon Sekidde * Red Hat, Inc. * Westford, MA
gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E 

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux