From: Daniel J Walsh <dwalsh@redhat.com>
To: selinux@a61.nl
Cc: selinux@tycho.nsa.gov
Subject: Re: Gen_require scoping?
Date: Fri, 22 Feb 2008 14:50:54 -0500
Message-ID: <47BF279E.2070501@redhat.com>
In-Reply-To: <53615.78.27.17.98.1203707623.squirrel@www.a61.nl>
selinux@a61.nl wrote:
> selinux@a61.nl wrote:
>>>> Hi all,
>>>>
>>>> we're trying to set up a JBoss module. As you probably know JBoss needs
>>>> Java and vice versa.
>>>>
>>>> For this we created a .te and an .if. Part of the .if is an interface to
>>>> allow writing logfiles. Relevant part:
>>>> What am I doing wrong here??
>>>>
>>>> Cheers,
>>>>
>>>> Bart
>>>>
>>>>
> No, your module needs a te file that defines jboss_log_t, not just the
> interface, and probably needs a file context file.
>
> cat jboss.te
>
> type jboss_log_t;
> logging_file_type(jboss_log_t)
>
> cat jboss.fc
> /var/log/jboss.* gen_context(system_u:object_r:jboss_log_t,s0)
>
>>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
>>
> Hi Daniel,
> We (Bart and I) just pasted the relevant part of our module. To be more
> complete I pasted the whole module (so the jboss.te, jboss.if and the
> jboss.fc) at the following urls:
> http://pastebin.ca/914239
> http://pastebin.ca/914240
> http://pastebin.ca/914243
> The only difference I can see in your statement and ours is this:
> Our jboss.te:
> type jboss_log_t;
> logging_log_file(jboss_log_t)
> Your jboss.te example:
> type jboss_log_t;
> logging_file_type(jboss_log_t)
> Our jboss.fc:
> /var/log/jboss(/.*)? gen_context(system_u:object_r:jboss_log_t,s0)
> Your jboss.fc example:
> /var/log/jboss.* gen_context(system_u:object_r:jboss_log_t,s0)
> Is that difference the reason why jboss_log_t isn't available to other
> modules?
> Cheers,
> Ronald
logging_log_file is correct

You should have a files_type

Updated
http://pastebin.ca/914287

Everything else looks ok. Is jboss running as jboss_t?
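An added example, not part of the thread or of refpolicy: a small Python check for the point made in the first reply, that a type named in an interface's gen_require block must also be declared in the module's own .te file. The interface name jboss_append_log and both sample .te texts are constructed for illustration, and the check assumes the .if and .te belong to the same module.

```python
import re

# Constructed sample inputs (not the posters' pastebin files).
# jboss_append_log is a hypothetical interface name.
JBOSS_IF = """
interface(`jboss_append_log',`
    gen_require(`
        type jboss_log_t;
    ')
    allow $1 jboss_log_t:file append;
')
"""
JBOSS_TE_OK = """
policy_module(jboss, 1.0.0)
type jboss_log_t;
logging_log_file(jboss_log_t)
"""
JBOSS_TE_MISSING = """
policy_module(jboss, 1.0.0)
type jboss_t;
"""

REQUIRE_BLOCK = re.compile(r"gen_require\(`(.*?)'\)", re.S)
REQUIRED_TYPES = re.compile(r"^\s*type\s+([^;]+);", re.M)
DECLARED_TYPE = re.compile(r"^\s*type\s+(\w+)", re.M)

def strip_comments(text):
    return re.sub(r"#.*", "", text)

def required_types(if_text):
    """Types listed in `type a, b;` statements inside gen_require blocks."""
    names = set()
    for block in REQUIRE_BLOCK.findall(strip_comments(if_text)):
        for stmt in REQUIRED_TYPES.findall(block):
            names.update(n.strip() for n in stmt.split(",") if n.strip())
    return names

def declared_types(te_text):
    """Types declared in a .te file (the first name after `type`)."""
    # A require block inside the .te only references types, so drop it first.
    body = REQUIRE_BLOCK.sub("", strip_comments(te_text))
    return set(DECLARED_TYPE.findall(body))

def undeclared(if_text, te_text):
    """Types the interface requires that the module's .te never declares."""
    return sorted(required_types(if_text) - declared_types(te_text))

if __name__ == "__main__":
    print("complete .te :", undeclared(JBOSS_IF, JBOSS_TE_OK))
    print("type missing :", undeclared(JBOSS_IF, JBOSS_TE_MISSING))
```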