From: lonnie@outstep.com
To: SELinux Mailing <SELinux@tycho.nsa.gov>
Subject: Re: setting up new test user domain?
Date: Wed, 19 Dec 2001 16:01:35 -0500 (EST) [thread overview]
Message-ID: <1008795695.3c21002f44f24@mail.outstep.com> (raw)
In-Reply-To: <Pine.GSO.4.33.0112191351410.5056-100000@raven>
Hi again,
I am trying to get through the documentation to get a better idea as to how and
go about these things, but just a small question, ok.
If I do this on the original every.te
sed "s/domain/~be_domain/g" every.te > newevery.te
mv newevery.te every.te
Then in my new file "be_user.te"
I have replaced
"user_t" with "be_user_t"
"define('user_domain'," with "define('be_domain',"
"user_domain(user)" with "be_domain(be_user)"
"type user_t domain userdomain" with "type be_user_t domain be_userdomain"
then when I go to the policy directory and do "make" I get the error unknown
type 'be_domain'
could there be a problem in that it is looking for ~be_domain although I
thought that"~" was for "not"
I'll work on getting more of the reading done as well.
cheers'
Lonnie
Quoting Stephen Smalley <sds@tislabs.com>:
>
> On Wed, 19 Dec 2001 lonnie@outstep.com wrote:
>
> > Actually I found out that I had to use the original unchanged every.te
> as well
> > as changing the be_domain back to domain in the be_user.te file.
>
> No, that isn't right. If you use the original every.te file and you
> keep
> the "domain" attribute on your new domain, then the rules in every.te
> will
> be applied to your new domain, which is more permissive than you want.
> As
> I said originally, you must either change every.te to exclude your new
> domain or you must not use the "domain" attribute on your new domain.
> The
> first option seems preferable (changing every.te).
>
> Please make sure that you've read the available documentation
> regarding
> the policy before proceeding any further. Randomly making changes
> without
> any understanding of what you are doing is unlikely to produce the
> desired
> result.
>
> --
> Stephen D. Smalley, NAI Labs
> ssmalley@nai.com
>
>
>
>
>
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2001-12-19 21:01 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-12-18 17:01 setting up new test user domain? lonnie
2001-12-18 17:59 ` Stephen Smalley
2001-12-18 17:59 ` lonnie
2001-12-18 18:29 ` Stephen Smalley
2001-12-18 19:43 ` lonnie
2001-12-19 14:20 ` lonnie
2001-12-19 15:03 ` Stephen Smalley
2001-12-19 17:55 ` Gary Lowder
2001-12-19 19:45 ` Stephen Smalley
2001-12-19 21:08 ` lonnie
2001-12-19 18:05 ` Debian SE Linux ? Noah silva
2001-12-19 18:34 ` Stephen Smalley
2001-12-20 11:43 ` Russell Coker
2001-12-20 14:44 ` Stephen Smalley
2001-12-20 15:34 ` Noah silva
2001-12-20 15:46 ` Stephen Smalley
2001-12-20 16:01 ` Noah silva
2001-12-20 16:09 ` Stephen Smalley
2001-12-19 18:28 ` setting up new test user domain? lonnie
2001-12-19 19:36 ` Stephen Smalley
2001-12-19 21:01 ` lonnie [this message]
2001-12-19 21:54 ` Stephen Smalley
-- strict thread matches above, loose matches on Subject: below --
2001-12-19 19:18 Flood Randy Capt AFCA/TCAA
2001-12-20 11:54 ` Russell Coker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1008795695.3c21002f44f24@mail.outstep.com \
--to=lonnie@outstep.com \
--cc=SELinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.