Re: Allow rule to read access all types.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Great, thanks again. That will make me busy little bit :)

On Fri, Feb 3, 2017 at 11:26 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
On Fri, 2017-02-03 at 11:13 -0800, Bassam Alsanie wrote:
> Thanks Steven. 
> Is there an interface close to this logic?
>
> allow myapp_t *:process signull;

You can browse for interfaces by installing selinux-policy-doc (or in
older releases, selinux-policy-devel) and running
/usr/share/selinux/devel/policyhelp to open the interface docs in a
browser.  Upstream refpolicy also provides its generated docs online
at http://oss.tresys.com/docs/refpolicy/api/

Looks like domain_signull_all_domains(myapp_t) should do it for you.

>
>
>
>
>
> On Fri, Feb 3, 2017 at 10:40 AM, Stephen Smalley <sds@xxxxxxxxxxxxx>
> wrote:
> > On Fri, 2017-02-03 at 10:22 -0800, Bassam Alsanie wrote:
> > > I have an app that need to have search access to all directories
> > on
> > > the system. 
> > > I am trying to use this TE in my policy:
> > >
> > > > allow myapp_t *:dir { search_dir_perms } ;
> > >
> > > When compile with make, I am getting this error messages:
> > >
> > > > $ make
> > > > Compiling targeted myapp module
> > > > here it is /usr/share/selinux/devel/include
> > > > /usr/bin/checkmodule:  loading policy configuration from
> > > > tmp/myapp.tmp
> > > > myapp.te:678:ERROR '* not allowed in this type of rule' at
> > token
> > > > ';' on line 5114:
> > > > allow myapp_t *:dir { { getattr search open } };
> > > >
> > > > /usr/bin/checkmodule:  error(s) encountered while parsing
> > > > configuration
> > > > /usr/share/selinux/devel/include/Makefile:154: recipe for
> > target
> > > > 'tmp/myapp.mod' failed
> > > > make: *** [tmp/myapp.mod] Error 1
> > >
> > > I running on Fedora 25.
> >
> > files_search_all(myapp_t)
> >
> >
>

_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux