On [DATE], "[NAME]" <[ADDRESS]> wrote: > On Tue, 2008-02-26 at 17:06 +0100, selinux@xxxxxx wrote: >> Still having problems setting up modules dor JBoss + Java: >> >> I believe our JBoss module has a fine start now. We decided to write a >> complete new java-module (jbossjava) so we will be able to get java to >> work is strict-mode. >> >> See the following files: >> myjboss.if: http://pastebin.com/f4df202a2 >> myjboss.te: http://pastebin.com/d7318637b >> myjboss.fc: http://pastebin.com/f2f66ff68 >> >> jbossjava.if: http://pastebin.com/f179749e8 >> jbossjava.te: http://pastebin.com/f1731b45d >> jbossjava.fc: http://pastebin.com/f52227f13 > [...] >> 1:selinux-policy-strict ########################################### [ >> 33%] >> libsepol.print_missing_requirements: jbossjava's global requirements were >> not met: type/attribute jboss_rx_t >> libsemanage.semanage_link_sandbox: Link packages failed >> semodule: Failed! > [...] >> Apparently, jbossjava doesn't have any access to the interfaces in >> myjboss.pp. why? > > Its not an interface problem, jboss_rx_t isn't declared. If I look in the myjboss.if file I see: interface(`jboss_rx_files',` gen_require(` type jboss_rx_t; ') allow $1 jboss_rx_t:file exec_file_perms; ') If I understand the interfaces right it is declared in the gen_require statement? And then we can use it in jbossjava.te: jboss_rx_files(jbossjava_t) Or do we not understand the way interfaces work? Do we have to declare jboss_rx_t in jbossjava.te also? -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
