SELinux macro broken?
Christoph Höger
choeger at cs.tu-berlin.de
Tue Jan 1 13:22:42 UTC 2008
Am Montag, den 31.12.2007, 15:39 -0500 schrieb Daniel J Walsh:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Christoph Höger wrote:
> > Hi,
> >
> > when I tried to build a custom SELinux module, this strange behavior
> > occured:
> >
> > when I used:
> >
> > libs_read_lib_files(tomcat5_t)
> >
> > I got "read" denied source: tomcat5_t target: lib_t
> >
> > but using
> >
> > require {
> > type lib_t;
> > type tomcat5_t;
> > class file read;
> > }
> >
> > allow tomcat5_t lib_t:file read;
> >
> > worked fine. Although this should essentially be the same in my
> > understanding.
> >
> > Any explanations for that?
> >
> > regards
> >
> > christoph
> >
> Please attach the compilation errors.
>
>
> tomcat5_t is marked as a domain_type?
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkd5U44ACgkQrlYvE4MpobP9egCdG+J82YNQyTFNSKnh7uyku4Aa
> iAgAoKR7A+DEWGIFNJV+48MPt+BlxIyr
> =wOR2
> -----END PGP SIGNATURE-----
>
Hi,
there were no compilation errors, but I think it had to do with
libs_use_lib_files with is deprecated. I have no problems since I use
libs_use_shared_libs().
You can see the complete .te file on the selinux list, which I
discovered after I posted the first message (sorry for that).
thank you
christoph
More information about the fedora-devel-list
mailing list