Re: Create new types in modules?
- From: Stephen Smalley <sds tycho nsa gov>
- To: Paul Howarth <paul city-fan org>
- Cc: Daniel J Walsh <dwalsh redhat com>, fedora-selinux-list redhat com
- Subject: Re: Create new types in modules?
- Date: Thu, 13 Apr 2006 08:20:21 -0400
On Thu, 2006-04-13 at 08:08 -0400, Stephen Smalley wrote:
> > So, my idea was to define everything under my chroot as a new type,
> > mock_root_t, and then have a module like this:
> >
> > module mock 0.2;
> >
> > require {
> > class file execmod;
> >
> > type unconfined_t;
> > type mock_root_t;
> > };
>
> Move the mock_root_t type decl outside of the requires block.

Oh, and you should really do it like this (similar to my prior
discussion about creating a policy module for the samba issue):

$ mkdir mock
$ cd mock
$ vi mock.te
i(nsert)
policy_module(mock, 0.2)
require {
type unconfined_t;
};
type mock_root_t;
files_type(mock_root_t) # allow this type to be used for files
allow unconfined_t mock_root_t:file execmod;
:wq
$ touch mock.if mock.fc
$ make -f /usr/share/selinux/devel/Makefile
$ su
# semodule -i mock.pp

Chad and Dan, can we get this kind of example (and/or the prior one I
created for the samba issue) added to the FAQ? Otherwise, people don't
have good examples to follow.

--
Stephen Smalley
National Security Agency
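
Added example (not part of the message above and not code from the SELinux project): a small Python pre-build check for the mistake this thread corrects, a new type listed inside require instead of being declared by the module. The function names, the sample inputs and the set of installed types are assumptions; the allow line in QUOTED is assumed, since the quote shows only the require block.

```python
import re

REQ_TYPES = re.compile(r"\btype\s+([^;]+);")       # "type a, b;" inside require
TYPE_DECL = re.compile(r"^[ \t]*type\s+(\w+)", re.M)
ALLOW = re.compile(r"^[ \t]*allow\s+(\w+)\s+(\w+)\s*:", re.M)

# Constructed inputs. QUOTED follows the module in the question (allow line
# assumed); FIXED is the mock.te given in the reply.
QUOTED = """module mock 0.2;
require {
    class file execmod;
    type unconfined_t;
    type mock_root_t;
};
allow unconfined_t mock_root_t:file execmod;
"""
FIXED = """policy_module(mock, 0.2)
require {
    type unconfined_t;
};
type mock_root_t;
files_type(mock_root_t) # allow this type to be used for files
allow unconfined_t mock_root_t:file execmod;
"""

def split_require(src):
    """Return (text inside require blocks, text outside), honoring nested braces."""
    inside, outside, pos = [], [], 0
    for m in re.finditer(r"\brequire\s*\{", src):
        outside.append(src[pos:m.start()])
        depth, i = 1, m.end()
        while i < len(src) and depth:              # walk to the matching "}"
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        inside.append(src[m.end():i - 1])
        pos = i
    outside.append(src[pos:])
    return "".join(inside), "".join(outside)

def check_module(te_source, installed_types):
    """List problems with how a .te module obtains the types it uses."""
    body, rest = split_require(re.sub(r"#.*", "", te_source))   # comments dropped
    required = {n.strip() for names in REQ_TYPES.findall(body) for n in names.split(",")}
    declared = set(TYPE_DECL.findall(rest))
    used = {t for pair in ALLOW.findall(rest) for t in pair}
    problems = [f"{t}: required but no installed module declares it" for t in sorted(required - installed_types)]
    problems += [f"{t}: declared here but already defined elsewhere" for t in sorted(declared & installed_types)]
    problems += [f"{t}: used in an allow rule but neither required nor declared" for t in sorted(used - required - declared)]
    return problems
```

On a real system the set passed as installed_types could be built from the output of `seinfo -t`; here it is a constructed stand-in such as {"unconfined_t"}.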