I have an app that need to have search access to all directories on the system.
I am trying to use this TE in my policy:allow myapp_t *:dir { search_dir_perms } ;
When compile with make, I am getting this error messages:
$ make
Compiling targeted myapp module
here it is /usr/share/selinux/devel/include
/usr/bin/checkmodule: loading policy configuration from tmp/myapp.tmp
myapp.te:678:ERROR '* not allowed in this type of rule' at token ';' on line 5114:
allow myapp_t *:dir { { getattr search open } };
/usr/bin/checkmodule: error(s) encountered while parsing configuration
/usr/share/selinux/devel/include/Makefile:154: recipe for target 'tmp/myapp.mod' failed
make: *** [tmp/myapp.mod] Error 1
I running on Fedora 25.
Thank you
Bassam
_______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
