The following seems to work as exec_type looks like the 'wildcard'. At least I got rid of the alerts, so hopefully there are no side-effects.

Thx
Xavier

# cat keepalived-pidof.te
module keepalived-pidof 1.0;

require {
        type keepalived_t;
        type exec_type;
        class file getattr;
}

#============= keepalived_t ==============
allow keepalived_t exec_type:file getattr;

# checkmodule -M -m -o keepalived-pidof.mod keepalived-pidof.te
# semodule_package -o keepalived-pidof.pp -m keepalived-pidof.mod
# semodule -i keepalived-pidof.pp