On 12/18/2017 02:55 PM, Stephen Smalley wrote:
Sorry, are you saying that mydomain_t is creating a file in /var/log, and that you both want the file type to be set to mypriv_var_log_t and the level set to mySystemHigh?
That is correct.
If so, then I believe the correct incantation would be: type_transition mydomain_t var_log_t:file mypriv_var_log_t; range_transition mydomain_t var_log_t:file mySystemHigh; (obviously you might instead be using refpolicy macros/interfaces to achieve the same end) In both cases, the source type corresponds to the creating process, the target type corresponds to the parent directory type, and the new type or level is applied to new files.
Ah, using the parent type for the range_transition was not obvious to me. It is working properly for me now, thanks for your assistance.
Regards, -- Paul Arnold, CISSP Cole Engineering Services, Inc.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
