Re: Allow rule to read access all types.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks Steven. 
Is there an interface close to this logic?

allow myapp_t *:process signull;





On Fri, Feb 3, 2017 at 10:40 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
On Fri, 2017-02-03 at 10:22 -0800, Bassam Alsanie wrote:
> I have an app that need to have search access to all directories on
> the system. 
> I am trying to use this TE in my policy:
>
> > allow myapp_t *:dir { search_dir_perms } ;
>
> When compile with make, I am getting this error messages:
>
> > $ make
> > Compiling targeted myapp module
> > here it is /usr/share/selinux/devel/include
> > /usr/bin/checkmodule:  loading policy configuration from
> > tmp/myapp.tmp
> > myapp.te:678:ERROR '* not allowed in this type of rule' at token
> > ';' on line 5114:
> > allow myapp_t *:dir { { getattr search open } };
> >
> > /usr/bin/checkmodule:  error(s) encountered while parsing
> > configuration
> > /usr/share/selinux/devel/include/Makefile:154: recipe for target
> > 'tmp/myapp.mod' failed
> > make: *** [tmp/myapp.mod] Error 1
>
> I running on Fedora 25.

files_search_all(myapp_t)


_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux