> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > selinux@xxxxxx wrote: >> Hi all, >> >> we're trying to setup an JBoss-module. As you probably know JBoss needs >> Java and vice versa. >> >> For this we created an .te and if. Part of the .if is an interface to >> allow writing logfiles. Relevant part: >> What I am doing wrong here?? >> >> Cheers, >> >> Bart >> >> > No your module needs a te file that defined jboss_log_t, not just the > interface, and probably need a file context file. > > cat jboss.te > > type jboss_log_t; > logging_file_type(jboss_log_t) > > cat jboss.fc > /var/log/jboss.* gen_context(system_u:object_r:jboss_log_t,s0) > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.8 (GNU/Linux) > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > > iEYEARECAAYFAke/AjAACgkQrlYvE4MpobP52QCgopXRW8J10kAKL3T4XULq077o > u5QAoNcSqVRUryRI52Vo88qeZY+1V1ip > =z13R > -----END PGP SIGNATURE----- > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx > with > the words "unsubscribe selinux" without quotes as the message. > Hi Daniel, We (Bart and I) just pasted the relevant part of our module. To be more complete I pasted the whole module (so the jboss.te, jboss.if and the jboss.fc) at the following urls: http://pastebin.ca/914239 http://pastebin.ca/914240 http://pastebin.ca/914243 The only difference I can see in you statement and ours is this: Our jboss.te: type jboss_log_t; logging_log_file(jboss_log_t) Your jboss.te example: type jboss_log_t; logging_file_type(jboss_log_t) Our jboss.fc: /var/log/jboss(/.*)? gen_context(system_u:object_r:jboss_log_t,s0) Your jboss.fc example: /var/log/jboss.* gen_context(system_u:object_r:jboss_log_t,s0) Is that difference the reason why jboss_log_t isn't available to other modules? Cheers, Ronald -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
