On Thu, Mar 19, 2015 at 01:47:29AM +0000, kuangjiou wrote:
> Milos, thanks for your reply. It helps me a lot.
> Now I can compile the module successfully. But when I try to semodule the .pp to the policydb, I get this message: libsepol.policydb_write: Discarding filename type transition rules. I think it must be because the kernel version is not new enough to support the filename type transition rules. But I don't want to change my Linux kernel; I just plan to update the SELinux code and build a new Linux kernel. And I don't know where to get SELinux code that is new enough to support the filename type transition rules. So, can anyone help me out with this?

Paris (CC'd) may be able to help identify what is needed to port that code to older kernels, if that is reasonably possible. I am wondering as well, though, why that code was not ported to EL 6.*

>
> -----Original Message-----
> From: Milos Malik [mailto:mmalik@xxxxxxxxxx]
> Sent: March 18, 2015 17:05
> To: kuangjiou
> Cc: selinux@xxxxxxxxxxxxx
> Subject: Re: Got some problem when using the type_transition, look for some helps! thank you!
>
> Hi Sylar,
>
> I forgot to mention that filename transition rules are not supported on RHEL-6.x. Based on the kernel version you provided I guess that you are not running RHEL-7.x, where the filename transition rules are supported.
>
> # uname -srv
> Linux 2.6.32-504.12.2.el6.i686 #1 SMP Sun Feb 1 12:14:25 EST 2015
> # cat mypolicy.te
> policy_module(mypolicy,1.0)
>
> require {
>   type unconfined_t;
>   type dentry_t;
>   type file_t;
>   class file { create };
> }
>
> type_transition unconfined_t dentry_t:file file_t "myfile";
>
> # make -f /usr/share/selinux/devel/Makefile
> Compiling targeted mypolicy module
> /usr/bin/checkmodule: loading policy configuration from tmp/mypolicy.tmp
> mypolicy.te":10:WARNING 'unrecognized character' at token '"' on line 3220:
> type_transition unconfined_t dentry_t:file file_t "myfile";
>
> mypolicy.te":10:ERROR 'syntax error' at token 'myfile' on line 3220:
> type_transition unconfined_t dentry_t:file file_t "myfile";
>
> /usr/bin/checkmodule: error(s) encountered while parsing configuration
> make: *** [tmp/mypolicy.mod] Error 1
> #
>
> Milos Malik
> SELinux QE person
> BaseOS QE Security team
> Brno, The Czech Republic
>
> ----- Original Message -----
> >
> > Hello, everyone!
> >
> > I am trying to use the new feature of type_transition that can
> > determine the type of a new file by the name of this new
> > file. And when I use the type_transition in my own policy module
> > like this:
> >
> > type_transition unconfined_t dentry_t:file file_t myfile;
> >
> > I got the error: 'syntax error' at token 'myfile' on line 1195:
> >
> > It seems like it doesn't support the fifth parameter 'myfile'. And I am
> > using checkmodule (version 2.3) to compile my policy module, but I
> > am not sure the version of the Linux kernel (Linux nkgcinwslx00671
> > 2.6.32.12-0.7-default #1 SMP 2010-05-20 11:14:20 +0200 x86_64 x86_64
> > x86_64 GNU/Linux) is new enough to support this feature. (I think the
> > compiling should have nothing to do with the kernel?)
> >
> > So, could anybody give me some suggestions to resolve this problem? I
> > am looking forward to your replies! Thank you very much!
> >
> > Sylar
> >
> > _______________________________________________
> > Selinux mailing list
> > Selinux@xxxxxxxxxxxxx
> > To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
> > To get help, send an email containing "help" to
> > Selinux-request@xxxxxxxxxxxxx.

--
02DFF788
4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788
http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788
Dominick Grift
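Added example (not part of the original thread and not SELinux project code): a pre-load check that finds name-based type_transition rules in a .te file and reports when the policy version is too old for libsepol to keep them. It assumes policy format version 25 is the first to carry filename transitions and that the kernel exposes its maximum version in /sys/fs/selinux/policyvers or /selinux/policyvers; the function names are hypothetical.

```shell
#!/bin/sh
# Assumption: policy format 25 is the first that stores filename transitions
# (POLICYDB_VERSION_FILENAME_TRANS in libsepol); below it they are discarded.
FILENAME_TRANS_MIN=25

# Print the highest policy version the running kernel accepts.
# Checks the current selinuxfs mount point first, then the older one.
kernel_policyvers() {
    for f in /sys/fs/selinux/policyvers /selinux/policyvers; do
        if [ -r "$f" ]; then cat "$f"; return 0; fi
    done
    return 1
}

# Print "lineno:rule" for each type_transition with a quoted file name.
named_transitions() {
    grep -nE '^[[:space:]]*type_transition[[:space:]].*"[^"]+"[[:space:]]*;' "$1"
}

# check_module FILE.te POLICYVERS
# Returns 0 = nothing would be lost, 1 = named rules would be discarded,
# 2 = bad arguments.
check_module() {
    te=$1
    vers=$2
    [ -r "$te" ] || return 2
    case $vers in ''|*[!0-9]*) return 2 ;; esac
    rules=$(named_transitions "$te") || return 0   # no named rules present
    if [ "$vers" -lt "$FILENAME_TRANS_MIN" ]; then
        echo "policy version $vers < $FILENAME_TRANS_MIN, rules that would be discarded:" >&2
        echo "$rules" >&2
        return 1
    fi
    return 0
}

# Constructed demo: the rule quoted in this thread, checked against a
# constructed policy version of 24. Returns 1 (rule would be discarded).
demo() {
    t=$(mktemp) || return 2
    printf '%s\n' 'type_transition unconfined_t dentry_t:file file_t "myfile";' > "$t"
    check_module "$t" 24; rc=$?
    rm -f "$t"
    return "$rc"
}

# On a real host: check_module mypolicy.te "$(kernel_policyvers)"
```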