How do I create an initial policy for a new app?

Fri Mar 6 01:55:26 UTC 2009

using the polgengui, i get an error that the type is unknown (see below).

I compared the generated files to /usr/share/selinux/devel/example.*

I can see that I need to add the initial type myapp2_t;

... there are some other differences.  For example:

Polgengui's myapp2.te:

corecmd_executable_file(pbrun_exec_t)

example.te:

domain_type(myapp_t)

domain_entry_file(myapp_t, myapp_exec_t)

Do these accomplish essentially the same thing?

Thanks,

Brian

+ . ./myapp2.sh

++ set -x

++ make -f /usr/share/selinux/devel/Makefile

Compiling targeted myapp2 module

/usr/bin/checkmodule:  loading policy configuration from tmp/myapp2.tmp

myapp2.te:22:ERROR 'unknown type myapp2_t' at token ';' on line 83532:

allow myapp2_t myapp2_rw_t:file { create getattr setattr read write append rename link unlink ioctl lock };

/usr/bin/checkmodule:  error(s) encountered while parsing configuration

make: *** [tmp/myapp2.mod] Error 1

++ /usr/sbin/semodule -i myapp2.pp

libsepol.check_assertion_helper: assertion on line 0 violated by allow myapp2_t system_chkpwd_t:process { transition };

libsepol.check_assertion_helper: assertion on line 0 violated by allow myapp2_t updpwd_t:process { transition };

libsepol.check_assertion_helper: assertion on line 0 violated by allow system_chkpwd_t myapp2_t:process { sigchld };

libsepol.check_assertion_helper: assertion on line 0 violated by allow updpwd_t myapp2_t:process { sigchld };

libsepol.check_assertions: 4 assertion violations occured

libsemanage.semanage_expand_sandbox: Expand module failed

/usr/sbin/semodule:  Failed!

++ /sbin/restorecon -F -R -v /usr/local/bin/myapp2

/sbin/restorecon reset /usr/local/bin/myapp2 context system_u:object_r:bin_t:s0->system_u:object_r:bin_t:s0

++ /sbin/restorecon -F -R -v /etc/pb.settings

/sbin/restorecon reset /etc/pb.settings context system_u:object_r:etc_t:s0->system_u:object_r:etc_t:s0

++ /usr/sbin/semanage port -a -t myapp2_port_t -p tcp 23000

libsepol.context_from_record: type myapp2_port_t is not defined

libsepol.context_from_record: could not create context structure

libsepol.port_from_record: could not create port structure for range 23000:23000 (tcp)

libsepol.sepol_port_modify: could not load port range 23000 - 23000 (tcp)

libsemanage.dbase_policydb_modify: could not modify record value

libsemanage.semanage_base_merge_components: could not merge local modifications into policy

/usr/sbin/semanage: Could not add port tcp/23000

++ echo -ne '\033]0;root at localhost:~'

[root at localhost ~]#

`

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20090305/27cd43d1/attachment.htm>