From: Mohamed Hassan <mhassan@cse.psu.edu>
To: Joshua Brindle <method@manicmethod.com>
Cc: selinux@tycho.nsa.gov
Subject: Re: defining a new class in a policy module
Date: Mon, 16 Jun 2008 01:24:10 -0400
Message-ID: <1213593850.6655.8.camel@cairo>
In-Reply-To: <4855E31E.50004@manicmethod.com>

Thank you for the response. When I modify the flask/ directory and run
make (flask.py), it will generate 2 directories, kernel and selinux. The
kernel one will go under <kernel-src>/security/selinux/include/ and the
selinux headers will go under libselinux/include/selinux.

There is another flask.h file under
libsepol/include/sepol/policydb/flask.h. Do I need to update that file
for checkpolicy and semodule to work properly?

On Sun, 2008-06-15 at 23:50 -0400, Joshua Brindle wrote:
> Mohamed Hassan wrote:
> > Hi,
> > I created a new policy inside the refpolicy. I am trying to define a new
> > class inside this module. When I compile, it fails with parsing error:
> >
> > /usr/bin/checkmodule -M -m tmp/gsmd.tmp -o tmp/gsmd.mod
> > /usr/bin/checkmodule: loading policy configuration from tmp/gsmd.tmp
> > policy/modules/services/gsmd.te:3:ERROR 'syntax error' at token 'Class'
> > on line 1185:
> >
> > Class gsmd { send_sms_msg receive_sms_msg };
> > /usr/bin/checkmodule: error(s) encountered while parsing configuration
> >
> >
> > Here is my class definition:
> > Class gsmd { send_sms_msg receive_sms_msg };
> >
> > I would like to know how to define a new class in policy module?
> >
>
> It isn't supported, mainly because class and permission ordering is still very static in the policy. To be sure that policy/library/kernel updates won't disturb the number assigned to your object class it is best to submit a reference policy patch to the flask/ directory and let those header changes propagate to the library and kernel.
>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
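
The point above about class numbers depending on declaration order, as an added example that is not part of this thread or of the refpolicy tooling: it compares two versions of a class list and reports which existing classes would be renumbered. The file format (one `class <name>` per line, `#` comments) and numbering by position starting at 1 are assumptions, and the sample lists are constructed.

```python
import re

# Assumed format: one "class <name>" per line, "#" starts a comment.
CLASS_RE = re.compile(r"^\s*class\s+(\w+)\s*$")

def class_numbers(text):
    """Return {class name: number}, numbering by declaration order from 1."""
    numbers = {}
    for raw in text.splitlines():
        m = CLASS_RE.match(raw.split("#", 1)[0])
        if not m:
            continue
        name = m.group(1)
        if name in numbers:
            raise ValueError(f"class {name!r} declared twice")
        numbers[name] = len(numbers) + 1
    return numbers

def renumbered(old_text, new_text):
    """Classes present in both versions whose number differs: {name: (old, new)}."""
    old, new = class_numbers(old_text), class_numbers(new_text)
    return {n: (old[n], new[n]) for n in old if n in new and old[n] != new[n]}

# Constructed sample, not a copy of the real security_classes file.
BASE = """\
# kernel classes
class security
class process
class system
class file   # files and directories
"""
APPENDED = BASE + "class gsmd\n"  # new class added at the end
INSERTED = BASE.replace("class system\n", "class gsmd\nclass system\n")

if __name__ == "__main__":
    for label, candidate in (("appended", APPENDED), ("inserted", INSERTED)):
        moved = renumbered(BASE, candidate)
        print(label, "gsmd =", class_numbers(candidate)["gsmd"],
              "renumbered:", moved or "none")
```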