Please help getting a policy to compile with mta_send_mail()

Paul Howarth paul at city-fan.org
Thu Mar 6 09:22:47 UTC 2008


Edward Kuns wrote:
> I know I must be doing something wrong, but hours and hours of googling
> have not turned up any help.  The following is in myclamav.te:
> 
> module myclamav 1.0;
> 
> require {
> 	type shell_exec_t;
> 	type sendmail_exec_t;
> 	type bin_t;
> 	type clamd_t;
> 	class dir search;
> 	class file { execute getattr };
> }
> 
> mta_send_mail(clamd_t);
> 
> #============= clamd_t ==============
> allow clamd_t bin_t:dir search;
> allow clamd_t sendmail_exec_t:file { execute getattr };
> allow clamd_t shell_exec_t:file getattr;
> 
> 
> As root, I run:
> 
> checkmodule -m myclamav.te 
> 
> which if I understand things will compile the TE file into a PP file
> which I can load.  However, it complains about a syntax error on the
> mta_send_mail line.  I've tried a lot of variations, but I cannot make
> this file compile.
> 
> Looking for examples, I look in /etc/selinux/targeted/src, but the "src"
> directory does not exist.  I believe I have all RPMs installed that I
> need:
> 
> # rpm -qa 'selinux*' 'setroubleshoot*' 'setools*'
> selinux-policy-targeted-3.0.8-87.fc8
> setools-console-3.3.1-7.fc8
> selinux-policy-devel-3.0.8-87.fc8
> selinux-doc-1.26-1.1
> selinux-policy-3.0.8-87.fc8
> setroubleshoot-server-2.0.5-2.fc8
> setroubleshoot-2.0.5-2.fc8
> setroubleshoot-plugins-2.0.4-3.fc8
> setools-3.3.1-7.fc8
> setools-libs-tcl-3.3.1-7.fc8
> setools-libs-3.3.1-7.fc8
> setools-gui-3.3.1-7.fc8
> 
> I know I must be missing something obvious, but I am out of clues.

You need to install the selinux-policy SRPM and "prep" it to read 
through the main policy source.

See http://www.city-fan.org/tips/BuildSeLinuxPolicyModules (section 
"Examining Policy Sources").

Paul.
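
An added example, not part of either message above: checkmodule parses only the native policy language and does not expand reference-policy m4 macros such as mta_send_mail(), which is why that line is reported as a syntax error, whereas the Makefile shipped with selinux-policy-devel runs the source through m4 first. The script below flags such macro calls in a .te file and prints the build command that fits. Its function names and shortened sample module are constructed for illustration, and the Makefile path is assumed to be the usual Fedora location.

```shell
#!/bin/sh
# Added illustration; function names and the sample module are constructed.

# Write a shortened copy of the module from the question to path $1.
write_sample() {
    cat > "$1" <<'EOF'
module myclamav 1.0;
require {
	type clamd_t;
	type bin_t;
	class dir search;
}
mta_send_mail(clamd_t);
# plain allow rules need no macro expansion
allow clamd_t bin_t:dir search;
EOF
}

# Print "lineno:text" for every statement of the form name(...): these are
# m4 macros (interfaces, policy_module, gen_require, ...) that checkmodule
# alone cannot parse. The native conditional "if (...)" is excluded.
list_interface_calls() {
    sed 's/#.*//' "$1" |
        grep -nE '^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*[[:space:]]*\(' |
        grep -vE '^[0-9]+:[[:space:]]*if[[:space:]]*\(' || true
}

# Print the build command that fits the file: the selinux-policy-devel
# Makefile (assumed at its usual Fedora path) runs m4 before checkmodule.
build_command() {
    mod=$(basename "$1" .te)
    if [ -n "$(list_interface_calls "$1")" ]; then
        echo "make -f /usr/share/selinux/devel/Makefile $mod.pp"
    else
        echo "checkmodule -M -m -o $mod.mod $1 && semodule_package -o $mod.pp -m $mod.mod"
    fi
}

dir=$(mktemp -d)
write_sample "$dir/myclamav.te"
list_interface_calls "$dir/myclamav.te"
build_command "$dir/myclamav.te"
rm -rf "$dir"
```
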




More information about the fedora-selinux-list mailing list