Re: Add a new class - Joshua Brindle

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Joshua Brindle <jbrindle@tresys.com>
To: Trent Jaeger <jaegert@us.ibm.com>
Cc: selinux@tycho.nsa.gov
Subject: Re: Add a new class
Date: Mon, 04 Oct 2004 20:40:38 -0400	[thread overview]
Message-ID: <4161ED86.2080200@tresys.com> (raw)
In-Reply-To: <OF459C4AF8.918C9B11-ON85256F23.00798D88-85256F23.0079ECBE@us.ibm.com>

Check the files in policy/flask

specifically you must add the class to security_classes and the 
permissions to access_vectors and then rebuild the headers with the 
Makefile in the flask directory and put them in 
linux/security/selinux/include/

then reboot on the new kernel and build a policy with the new classes 
and access vectors, it should be fairly straightforward and no problems 
should occur.

Joshua Brindle

Trent Jaeger wrote:

>
> Hi,
>
> I think this is something I could find in the docs or code, but I 
> don't see it.  
>
> How do I add a new class?  There are a variety of files in 
> security/selinux/include, such as av_permissions.h, that are 
> "automatically generated", but they are already in the distribution, 
> so it is not clear how they are generated.  If I add a class, 
> operations, etc., these files have to be modified and I would rather 
> do it the proper way.
>
> BTW -- this is for adding IPSec security associations for classes, so 
> we can label network connections.  Prototype code should be available 
> soon.
>
> Regards,
> Trent.
> ------------------------------------------------------------
> Trent Jaeger
> IBM T.J. Watson Research Center
> 19 Skyline Drive, Hawthorne, NY 10532
> (914) 784-7225, FAX (914) 784-7225 



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

next prev parent reply	other threads:[~2004-10-05  0:40 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-10-04 22:11 Add a new class Trent Jaeger
2004-10-05  0:17 ` Luke Kenneth Casson Leighton
2004-10-05  0:40 ` Joshua Brindle [this message]
2004-10-05 12:32   ` Stephen Smalley
  -- strict thread matches above, loose matches on Subject: below --
2005-01-02  7:17 Park Lee
2005-01-03 14:01 ` Stephen Smalley
2005-01-12 19:40 Park Lee
2005-01-12 21:34 ` Stephen Smalley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4161ED86.2080200@tresys.com \
    --to=jbrindle@tresys.com \
    --cc=jaegert@us.ibm.com \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.