Re: Gen_require scoping?


selinux@xxxxxx wrote:
> selinux@xxxxxx wrote:
>>>> Hi all,
>>>>
>>>> we're trying to set up a JBoss module. As you probably know, JBoss needs
>>>> Java and vice versa.
>>>>
>>>> For this we created a .te and an .if. Part of the .if is an interface to
>>>> allow writing logfiles. Relevant part:
>>>> What am I doing wrong here?
>>>>
>>>> Cheers,
>>>>
>>>> Bart
>>>>
>>>>
> No, your module needs a te file that defines jboss_log_t, not just the
> interface, and probably needs a file context file.
> 
> cat jboss.te
> 
> type jboss_log_t;
> logging_file_type(jboss_log_t)
> 
> cat jboss.fc
> /var/log/jboss.*  gen_context(system_u:object_r:jboss_log_t,s0)
> 
>>
- --
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx
with
the words "unsubscribe selinux" without quotes as the message.
>>

> Hi Daniel,

> We (Bart and I) just pasted the relevant part of our module. To be more
> complete I pasted the whole module (so the jboss.te, jboss.if and the
> jboss.fc) at the following urls:


> http://pastebin.ca/914239
> http://pastebin.ca/914240
> http://pastebin.ca/914243

> The only difference I can see in your statement and ours is this:

> Our jboss.te:
> type jboss_log_t;
> logging_log_file(jboss_log_t)

> Your jboss.te example:

> type jboss_log_t;
> logging_file_type(jboss_log_t)

> Our jboss.fc:
> /var/log/jboss(/.*)?	gen_context(system_u:object_r:jboss_log_t,s0)

> Your jboss.fc example:
> /var/log/jboss.*  gen_context(system_u:object_r:jboss_log_t,s0)

> Is that difference the reason why jboss_log_t isn't available to other
> modules?

> Cheers,


> Ronald

logging_log_file is correct

You should have a files_type

Updated
http://pastebin.ca/914287

Everything else looks ok.  Is jboss running as jboss_t?
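The layout discussed in this thread, as an added example that is not part of the original messages or the posters' pastebin files: the type is declared once in jboss.te, the interface in jboss.if only requires it, and another module reaches the type through that interface. The interface name jboss_append_log, the type jboss_exec_t and the calling domain java_t are assumptions made for illustration.

```m4
# ---- jboss.te: the one place where the types are declared ----
policy_module(jboss, 1.0.0)

# jboss_exec_t is an assumed entrypoint type for this sketch
type jboss_t;
type jboss_exec_t;
init_daemon_domain(jboss_t, jboss_exec_t)

# Declaring jboss_log_t here is what makes it exist in the loaded policy.
type jboss_log_t;
logging_log_file(jboss_log_t)

# ---- jboss.if: interface for other modules (hypothetical name) ----
## <summary>Append to JBoss log files.</summary>
## <param name="domain">
##	<summary>Domain allowed access.</summary>
## </param>
interface(`jboss_append_log',`
	# gen_require does not declare anything. It expands inside the
	# CALLING module into a require block, so that module only links
	# if some installed module (jboss.te above) declares jboss_log_t.
	gen_require(`
		type jboss_log_t;
	')

	logging_search_logs($1)
	append_files_pattern($1, jboss_log_t, jboss_log_t)
')

# ---- jboss.fc: label the log directory and everything under it ----
/var/log/jboss(/.*)?	gen_context(system_u:object_r:jboss_log_t,s0)

# ---- fragment of a caller's .te (java_t is an assumed domain) ----
# The caller never names jboss_log_t itself; it goes through the interface.
jboss_append_log(java_t)
```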
