From: Milos Malik <mmalik@redhat.com>
To: kuangjiou <kuangjiou@huawei.com>
Cc: selinux@tycho.nsa.gov
Subject: Re: Got some problem when using the type_transition, look for some helps! thank you!
Date: Wed, 18 Mar 2015 05:05:08 -0400 (EDT) [thread overview]
Message-ID: <568659679.32020739.1426669508944.JavaMail.zimbra@redhat.com> (raw)
In-Reply-To: <60ABE64B4BE4AC45964F1A967BA76CB201569BC3@szxeml522-mbx.china.huawei.com>
Hi Sylar,
I forgot to mention that filename transition rules are not supported on RHEL-6.x. Based on the kernel version you provided I guess that you are not running RHEL-7.x, where the filename transition rules are supported.
# uname -srv
Linux 2.6.32-504.12.2.el6.i686 #1 SMP Sun Feb 1 12:14:25 EST 2015
# cat mypolicy.te
policy_module(mypolicy,1.0)
require {
type unconfined_t;
type dentry_t;
type file_t;
class file { create };
}
type_transition unconfined_t dentry_t:file file_t "myfile";
# make -f /usr/share/selinux/devel/Makefile
Compiling targeted mypolicy module
/usr/bin/checkmodule: loading policy configuration from tmp/mypolicy.tmp
mypolicy.te":10:WARNING 'unrecognized character' at token '"' on line 3220:
type_transition unconfined_t dentry_t:file file_t "myfile";
mypolicy.te":10:ERROR 'syntax error' at token 'myfile' on line 3220:
type_transition unconfined_t dentry_t:file file_t "myfile";
/usr/bin/checkmodule: error(s) encountered while parsing configuration
make: *** [tmp/mypolicy.mod] Error 1
#
Milos Malik
SELinux QE person
BaseOS QE Security team
Brno, The Czech Republic
----- Original Message -----
>
>
> Hello,everyone!
>
>
>
> I am try to use the new features of the type_transition that can support to
> determine the type of the new file by the name of this new file,And when I
>
>
>
> use the type_transisiton in my own policy module like this:
>
>
>
> type_transition unconfined_t dentry_t:file file_t myfile;
>
>
>
> I got the error: 'syntax error' at token 'myfile' on line 1195:
>
>
>
> It seems like didn't support the fifth parameter 'myfile', And I am using the
> checkmodule (version 2.3) to compile my policy module, but I am not sure
>
>
>
> the the version of the linux kernel (Linux nkgcinwslx00671
> 2.6.32.12-0.7-default #1 SMP 2010-05-20 11:14:20 +0200 x86_64 x86_64 x86_64
> GNU/Linux) is
>
>
>
> new enough to support this features.(I think the compiling should have
> nothing to do with the kernel?)
>
>
>
> so, could anybody give me some suggestions to resolve this problem? I am
> looking forward to your replies! Thank you very much!
>
>
>
>
>
> Sylar
>
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to
> Selinux-request@tycho.nsa.gov.
next prev parent reply other threads:[~2015-03-18 9:05 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-18 2:22 Got some problem when using the type_transition, look for some helps! thank you! kuangjiou
2015-03-18 8:58 ` Milos Malik
2015-03-18 9:05 ` Milos Malik [this message]
2015-03-19 1:47 ` 答复: " kuangjiou
2015-03-19 11:49 ` Dominick Grift
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=568659679.32020739.1426669508944.JavaMail.zimbra@redhat.com \
--to=mmalik@redhat.com \
--cc=kuangjiou@huawei.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.