On [DATE], "[NAME]" <[ADDRESS]> wrote: > On Tue, 2008-02-26 at 19:55 +0100, Ronald van den Blink wrote: >> On [DATE], "[NAME]" <[ADDRESS]> wrote: >> >>> On Tue, 2008-02-26 at 17:06 +0100, selinux@xxxxxx wrote: >>>> Still having problems setting up modules dor JBoss + Java: >>>> >>>> I believe our JBoss module has a fine start now. We decided to write a >>>> complete new java-module (jbossjava) so we will be able to get java to >>>> work is strict-mode. >>>> >>>> See the following files: >>>> myjboss.if: http://pastebin.com/f4df202a2 >>>> myjboss.te: http://pastebin.com/d7318637b >>>> myjboss.fc: http://pastebin.com/f2f66ff68 >>>> >>>> jbossjava.if: http://pastebin.com/f179749e8 >>>> jbossjava.te: http://pastebin.com/f1731b45d >>>> jbossjava.fc: http://pastebin.com/f52227f13 >>> [...] >>>> 1:selinux-policy-strict ########################################### [ >>>> 33%] >>>> libsepol.print_missing_requirements: jbossjava's global requirements were >>>> not met: type/attribute jboss_rx_t >>>> libsemanage.semanage_link_sandbox: Link packages failed >>>> semodule: Failed! >>> [...] >>>> Apparently, jbossjava doesn't have any access to the interfaces in >>>> myjboss.pp. why? >>> >>> Its not an interface problem, jboss_rx_t isn't declared. >> >> If I look in the myjboss.if file I see: >> >> interface(`jboss_rx_files',` >> gen_require(` >> type jboss_rx_t; >> ') >> allow $1 jboss_rx_t:file exec_file_perms; >> ') >> >> If I understand the interfaces right it is declared in the gen_require >> statement? And then we can use it in jbossjava.te: >> >> jboss_rx_files(jbossjava_t) >> >> Or do we not understand the way interfaces work? Do we have to declare >> jboss_rx_t in jbossjava.te also? > > gen_require only specifies dependencies, it doesn't declare them. You > still have to declare it in jbossjava.te. Ohoh, I'm feeling stupid now... Thanks! -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
