Re: Fwd: adding a new security class

I appended the class declaration to the security_classes files.

I have installed the new policy and libselinux. However, now when
trying to use this new class in a te file, the build fails with an
'unknown class' error. Do I need to rebuild any other packages before
I can use this class? I tried rebuilding checkpolicy but that didn't
help.

On Thu, Apr 17, 2008 at 9:30 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
>
>  On Thu, 2008-04-17 at 09:20 -0500, Xavier Toth wrote:
>  > If the new security class is a userspace object manager related class
>  > do I still need to rebuild the kernel?
>
>  No.  You should find that the regenerated kernel headers are no
>  different, as they no longer include userspace classes (if annotated as
>  such in the security_classes file).
>
>  I assume though that you are adding your new class to the end of the
>  security_classes list.  Inserting a class before an existing one can
>  perturb the values of the existing classes, which isn't a good idea
>  (forbidden for kernel classes and any userspace object managers that use
>  the old libselinux API; permissible for new userspace object classes
>  when they use the dynamic class/permission discovery support but can
>  still break running applications until we have support for remapping
>  upon reload there).
>
>  --
>
>
> Stephen Smalley
>  National Security Agency
>
>
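The ordering point in the quoted reply, as an added example that is not part of the original thread or of the SELinux code base: a check that a modified security_classes file only appends classes and does not shift the value of any existing one. It assumes one `class NAME` declaration per line, an optional `# userspace` annotation, and values assigned by position starting at 1; the class list and the name `my_object` are constructed for illustration.

```python
import re

# Assumed line format: "class x_drawable   # userspace" (annotation optional).
_CLASS_RE = re.compile(r"^\s*class\s+(\w+)\s*(?:#\s*(.*))?$")


def parse_security_classes(text):
    """Return [(name, value, is_userspace)] in declaration order.

    Values are assigned by position, starting at 1, which is why order matters.
    """
    classes = []
    for line in text.splitlines():
        m = _CLASS_RE.match(line)
        if not m:
            continue  # blank lines and pure comment lines declare no class
        name, note = m.group(1), (m.group(2) or "")
        classes.append((name, len(classes) + 1, "userspace" in note.lower()))
    return classes


def check_append_only(old_text, new_text):
    """Compare two versions of the file; return (added, shifted, removed)."""
    old = {n: v for n, v, _ in parse_security_classes(old_text)}
    new = parse_security_classes(new_text)
    new_names = {n for n, _, _ in new}
    added = [n for n, _, _ in new if n not in old]
    # A shifted kernel class is the forbidden case; a shifted userspace class
    # can still break running object managers, so both are reported.
    shifted = [(n, old[n], v, "userspace" if u else "kernel")
               for n, v, u in new if n in old and old[n] != v]
    removed = [n for n in old if n not in new_names]
    return added, shifted, removed


# Constructed sample input, not a real policy's class list.
OLD = """\
# FLASK
class security
class process
class file
class x_drawable   # userspace
"""
APPENDED = OLD + "class my_object    # userspace\n"
INSERTED = OLD.replace("class file\n", "class my_object    # userspace\nclass file\n")

if __name__ == "__main__":
    for label, candidate in (("appended", APPENDED), ("inserted", INSERTED)):
        print(label, check_append_only(OLD, candidate))
```

Run against the file before and after the edit, an empty `shifted` list confirms the new class went on the end.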
