On Mon, Nov 17, 2014 at 09:18:51PM +0000, Paddie O'Brien wrote: > Thanks. I was under the mistaken impression that unconfined_t got > something for free. My new understanding is that it's by convention > that policy writers give access to unconfined_t to their domains and > they do so by adding explicit rules. > > Also I was missing file_type(mytype_exec_t) although I had > domain_type(mytpe_t). Is there a way to see what things like file_type > and domain_type expand to? I want to know what's going on in the > background. > Forgot the answer the actual question. You can look up what the various "macros" expand to by perusing /usr/share/selinux/devel/include if you have installed the selinux-policy-devel package It might help a bit if you are familiar with m4. Its just macros that eventually expand to selinux policy language, sometimes the macros can nest pretty deep before you end up with the raw rules. macros are basically yet another way to group even more ... -- Dominick Grift
Attachment:
pgpex1rAACad7.pgp
Description: PGP signature
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
