* Problem with corenet_* statements.
@ 2008-03-03 21:39 Gienek Nowacki
  2008-03-04 13:49 ` Christopher J. PeBenito
  2008-03-04 14:09 ` Daniel J Walsh
  0 siblings, 2 replies; 3+ messages in thread
From: Gienek Nowacki @ 2008-03-03 21:39 UTC (permalink / raw)
  To: selinux

Hi,

I would like to build my own SE module. The system is CentOS 5.1. The
source of the module is as follows:

# ============ amav.te ===================

module amav 1.0.0;
require {
        type amavis_t;
};
corenet_udp_bind_generic_port(amavis_t);
corenet_dontaudit_udp_bind_all_ports(amavis_t);

# ====================================

After running the command:
checkmodule -M -m -o amav.mod  amav.te

....there is a `syntax error' - checkmodule doesn't recognize
corenet_* statements.

Next, once that succeeds, I would like to use the semodule_package and
semodule commands.

The purpose of creating such a module is that amavisd uses random UDP
source ports when connecting to the DNS server.

Could you help me - how is it possible to find a solution?

Gienek

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


* Re: Problem with corenet_* statements.
  2008-03-03 21:39 Problem with corenet_* statements Gienek Nowacki
@ 2008-03-04 13:49 ` Christopher J. PeBenito
  2008-03-04 14:09 ` Daniel J Walsh
  1 sibling, 0 replies; 3+ messages in thread
From: Christopher J. PeBenito @ 2008-03-04 13:49 UTC (permalink / raw)
  To: Gienek Nowacki; +Cc: selinux

On Mon, 2008-03-03 at 22:39 +0100, Gienek Nowacki wrote:
> Hi,
> 
> I would like to build my own SE module. The system is CentOS 5.1. The
> source of the module is as follows:
> 
> # ============ amav.te ===================
> 
> module amav 1.0.0;
> require {
>         type amavis_t;
> };
> corenet_udp_bind_generic_port(amavis_t);
> corenet_dontaudit_udp_bind_all_ports(amavis_t);
> 
> # ====================================
> 
> After running the command:
> checkmodule -M -m -o amav.mod  amav.te
> 
> ....there is a `syntax error' - checkmodule doesn't recognize
> corenet_* statements.
> 
> Next, once that succeeds, I would like to use the semodule_package and
> semodule commands.

If you use reference policy interfaces, you must use the reference
policy build infrastructure to process it.  Run

make -f /usr/share/selinux/devel/Makefile

and that will compile and package the module, so you'll get the amav.pp.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150




* Re: Problem with corenet_* statements.
  2008-03-03 21:39 Problem with corenet_* statements Gienek Nowacki
  2008-03-04 13:49 ` Christopher J. PeBenito
@ 2008-03-04 14:09 ` Daniel J Walsh
  1 sibling, 0 replies; 3+ messages in thread
From: Daniel J Walsh @ 2008-03-04 14:09 UTC (permalink / raw)
  To: Gienek Nowacki; +Cc: selinux

Gienek Nowacki wrote:
> Hi,
> 
> I would like to build my own SE module. The system is CentOS 5.1. The
> source of the module is as follows:
> 
> # ============ amav.te ===================
> 
> module amav 1.0.0;
> require {
>         type amavis_t;
> };
> corenet_udp_bind_generic_port(amavis_t);
> corenet_dontaudit_udp_bind_all_ports(amavis_t);
> 
> # ====================================
> 
> After running the command:
> checkmodule -M -m -o amav.mod  amav.te
> 
> ....there is a `syntax error' - checkmodule doesn't recognize
> corenet_* statements.
> 
> Next, once that succeeds, I would like to use the semodule_package and
> semodule commands.
> 
> The purpose of creating such a module is that amavisd uses random UDP
> source ports when connecting to the DNS server.
> 
> Could you help me - how is it possible to find a solution?
> 
> Gienek
> 
You need to build with the interface files.

# yum install selinux-policy-devel
# make -f /usr/share/selinux/devel/Makefile

Should build your module.
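
The point both replies make, as an added example that is not part of the original thread: reference policy interfaces are m4 macros, so a source file that calls them has to go through the devel Makefile, while checkmodule only parses the plain policy language. The function names and the sample file are constructed for illustration; the `amav.pp` make target and the install step with `semodule -i` are assumptions beyond the commands quoted above.

```shell
#!/bin/sh
# Added example: choose the build path for an SELinux module source file.
# DEVEL_MAKEFILE is the path given in the replies; everything else here
# (function names, sample file) is constructed for this illustration.
DEVEL_MAKEFILE=/usr/share/selinux/devel/Makefile

# List reference policy interface/macro calls in a .te file. Interfaces are
# m4 macros written as name(args); the policy language that checkmodule
# parses has no such call syntax, which is why it reports a syntax error.
list_interface_calls() {
    sed -e 's/#.*//' "$1" |
        grep -oE '^[[:space:]]*[a-z][a-z0-9_]*\(' |
        tr -d '[:space:](' | sort -u
}

# Print the commands that fit source file $1 (run them in its directory;
# the final semodule step needs root).
build_commands() {
    name=$(basename "$1" .te)
    if [ -n "$(list_interface_calls "$1")" ]; then
        # Macros must be expanded against the installed interface files.
        echo "make -f $DEVEL_MAKEFILE $name.pp"
    else
        # Plain policy language: checkmodule can compile it directly.
        echo "checkmodule -M -m -o $name.mod $name.te"
        echo "semodule_package -o $name.pp -m $name.mod"
    fi
    echo "semodule -i $name.pp"
}

# Constructed sample: the amav.te from this thread, written to a temp dir.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/amav.te" <<'EOF'
module amav 1.0.0;
require {
        type amavis_t;
};
corenet_udp_bind_generic_port(amavis_t);
corenet_dontaudit_udp_bind_all_ports(amavis_t);
EOF
    list_interface_calls "$dir/amav.te"
    build_commands "$dir/amav.te"
    rm -rf "$dir"
}
demo
```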
