Re: Non-Computing Abstractions & An Issue Thereof

[Richard Haines <richard_c_haines@btinternet.com>]

[-- Attachment #1: Type: text/plain, Size: 2324 bytes --]

I've modified your module to compile and added a few notes - HOWEVER it does get a bit complicated as you need to add your new object classes and permissions to the base policy (as explained in the various emails). 

I've attached a tarball with sample files and a README. If you want, try these but of course you will not be able to enforce any policy but at least
it compiles.

Both examples in the README use information from the SELinux Notebook at:
http://www.freetechbooks.com/the-selinux-notebook-the-foundations-t785.html

One is based on a simple policy and the other on the Fedora 12 targeted reference policy.

Richard

--- On Sat, 29/5/10, Joshua Kramer <josh@globalherald.net> wrote:

> From: Joshua Kramer <josh@globalherald.net>
> Subject: Non-Computing Abstractions & An Issue Thereof
> To: "SE Linux" <selinux@tycho.nsa.gov>
> Date: Saturday, 29 May, 2010, 22:40
> Hello,
> 
> I am trying to wrap my head around using SELinux to secure
> data objects in userspace.  My learning style suggests
> that for a topic like this, I abstract the theory away from
> how it's actually implemented in software.  To those
> ends, I have created the type enforcement file attached to
> this email, that loosely models the behavior of teams of
> sled dogs using SELinux.
> 
> When I try to install the policy using these commands:
> 
> checkmodule -M -m -o seSledDogs.mod seSledDogs.te
> semodule_package -o seSledDogs.pp -m seSledDogs.mod
> semodule -i ./seSledDogs.pp
> 
> ...I get this error from semodule:
> 
> libsepol.print_missing_requirements: seSledDogs's global
> requirements were not met: role dog_owner_r (No such file or
> directory).
> libsemanage.semanage_link_sandbox: Link packages failed (No
> such file or directory).
> semodule:  Failed!
> 
> If I comment out the roles, I get a similar message about
> the types:
> 
> libsepol.print_missing_requirements: seSledDogs's global
> requirements were not met: type/attribute medicine_t (No
> such file or directory).
> libsemanage.semanage_link_sandbox: Link packages failed (No
> such file or directory).
> semodule:  Failed!
> 
> Where do I need to be defining these roles and types? 
> I was under the impression that the te files were
> self-contained.
> 
> Thanks!
> -Joshua Kramer
> 
> 
>

[-- Attachment #2: SledDogs.tar.gz --]
[-- Type: application/x-gzip, Size: 6714 bytes --]