how to use require and gen_require properly

I'm writing a new policy for a special purpose and don't expect to
submit it for refpolicy because it is just too domain specific and not
useful for public domain. Therefore I cannot write a new interface which
could be included in the default policy.

Here is my actual problem. I want to use filetrans because my daemon
creates /dev/twa0 automatically. Therefore I have to write something
like this:

filetrans_pattern(my_daemon_t, device_t, fixed_disk_device_t, chr_file)

Should I include the following require statement at the top of my te
file:

require {
	type device_t, fixed_disk_device_t;
}

or should I use this one:

gen_require(`
	type device_t, fixed_disk_device_t;
')

What is the actual difference between require and gen_require? Is it
allowed to write such statements at the top of the policy or in general
is this good practice or not? What was the actual intention of having
two require statements? I guess the gen_require was especially for
interfaces. But which one should be used if no interface is used?

Some clarification would be really appreciated.

- Stefan

