Thanks Steven.
Is there an interface close to this logic?
allow myapp_t *:process signull;
On Fri, Feb 3, 2017 at 10:40 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
On Fri, 2017-02-03 at 10:22 -0800, Bassam Alsanie wrote:
> I have an app that need to have search access to all directories on
> the system.
> I am trying to use this TE in my policy:
>
> > allow myapp_t *:dir { search_dir_perms } ;
>
> When compile with make, I am getting this error messages:
>
> > $ make
> > Compiling targeted myapp module
> > here it is /usr/share/selinux/devel/include files_search_all(myapp_t)
> > /usr/bin/checkmodule: loading policy configuration from
> > tmp/myapp.tmp
> > myapp.te:678:ERROR '* not allowed in this type of rule' at token
> > ';' on line 5114:
> > allow myapp_t *:dir { { getattr search open } };
> >
> > /usr/bin/checkmodule: error(s) encountered while parsing
> > configuration
> > /usr/share/selinux/devel/include/Makefile:154: recipe for target
> > 'tmp/myapp.mod' failed
> > make: *** [tmp/myapp.mod] Error 1
>
> I running on Fedora 25.
_______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx