Re: Custom Process Label (SElinux)

On 9 Mar 2017 2:25 pm, "Kashif ali" <kashif.ali.9498@xxxxxxxxx> wrote:
This is the myapp.te file:


policy_module(myapp_service, 1.0.0)

########################################
#
# Declarations
#

attribute_role myapp_service_roles;
roleattribute system_r myapp_service_roles;

type myapp_service_t;
type myapp_service_exec_t;
application_domain(myapp_service_t, myapp_service_exec_t)

For system daemons, the right interface is init_daemon_domain; this also includes the domain transition.
application_domain is for domains run by users, and does not include a domain transition.

role myapp_service_roles types myapp_service_t;

permissive myapp_service_t;

########################################
#
# myapp_service local policy
#

allow myapp_service_t self:fifo_file manage_fifo_file_perms;
allow myapp_service_t self:unix_stream_socket create_stream_socket_perms;

domain_use_interactive_fds(myapp_service_t)

files_read_etc_files(myapp_service_t)

miscfiles_read_localization(myapp_service_t)





This is the myapp.fc file:

/usr/sbin/myapp-service                --      gen_context(system_u:object_r:myapp_service_exec_t,s0)


On Thu, Mar 9, 2017 at 6:09 PM, Kashif ali <kashif.ali.9498@xxxxxxxxx> wrote:
Yes, I did.

On Thu, Mar 9, 2017 at 3:20 PM, Russell Coker <russell@xxxxxxxxxxxx> wrote:
On Thu, 9 Mar 2017 08:42:26 PM Kashif ali wrote:
>   I have created a module for my custom service with the sepolgen command. It
> has generated the policy module for my custom service and a context for its
> /usr/bin/mycustomeservicedaemon, which is custom_service_exec_t. When I run
> my service it doesn't get the label of custom_service_t, whereas it has
> the label of init_t, so that means that the proper domain transition is not
> available or there is something which I'm missing.

Did you run "restorecon -v /usr/bin/mycustomeservicedaemon"?

--
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/



_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
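
The interface change described in the reply above, as an added example that is not part of the original thread or the poster's generated policy: the posted myapp.te with application_domain replaced by init_daemon_domain. Type names and the /usr/sbin/myapp-service path come from the thread; the comments on what the interface provides summarise refpolicy, and the check commands assume setools and policycoreutils are installed.

```selinux
policy_module(myapp_service, 1.0.0)

########################################
#
# Declarations (role lines unchanged from the thread)
#

attribute_role myapp_service_roles;
roleattribute system_r myapp_service_roles;

type myapp_service_t;
type myapp_service_exec_t;

# Was: application_domain(myapp_service_t, myapp_service_exec_t)
# That interface is for programs run by users and adds no transition
# from init, so a service started by init keeps running as init_t.
#
# init_daemon_domain declares myapp_service_t as a daemon domain with
# myapp_service_exec_t as its entry point and adds the automatic
# transition from init, in effect:
#   type_transition init_t myapp_service_exec_t:process myapp_service_t;
init_daemon_domain(myapp_service_t, myapp_service_exec_t)

role myapp_service_roles types myapp_service_t;

# Kept from the generated policy: denials for this domain are logged
# but not enforced while the rules are being developed.
permissive myapp_service_t;

########################################
#
# myapp_service local policy (unchanged from the thread)
#

allow myapp_service_t self:fifo_file manage_fifo_file_perms;
allow myapp_service_t self:unix_stream_socket create_stream_socket_perms;

domain_use_interactive_fds(myapp_service_t)
files_read_etc_files(myapp_service_t)
miscfiles_read_localization(myapp_service_t)

# Checks after rebuilding and loading the module (root shell):
#   restorecon -v /usr/sbin/myapp-service
#   ls -Z /usr/sbin/myapp-service    # file should be myapp_service_exec_t
#   sesearch -T -s init_t -t myapp_service_exec_t -c process
#   ps -eZ | grep myapp-service      # after restart: myapp_service_t
```

If sesearch prints no type_transition rule for init_t, the module that was loaded does not contain the transition and the process will stay in init_t regardless of the file label.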
