update with change to how classes are handled in gen_require
This commit is contained in:
parent
5561135dd2
commit
1d85c7a7c6
|
@ -85,9 +85,6 @@ documentation. Create myapp.if and add the following:
|
|||
interface(`myapp_domtrans',`
|
||||
gen_requires(`
|
||||
type myapp_t, myapp_exec_t;
|
||||
class fd use;
|
||||
class process sigchld;
|
||||
class fifo_file rw_file_perms;
|
||||
')
|
||||
|
||||
domain_auto_trans($1,myapp_exec_t,myapp_t)
|
||||
|
@ -107,7 +104,6 @@ interface(`myapp_domtrans',`
|
|||
interface(`myapp_read_log',`
|
||||
gen_requires(`
|
||||
type myapp_log_t;
|
||||
class file r_file_perms;
|
||||
')
|
||||
|
||||
logging_search_logs($1)
|
||||
|
@ -123,6 +119,7 @@ transition to myapp_t, by executing a program labeled myapp_exec_t.
|
|||
The second interface allows other domains to read myapp's log files. Myapp's
|
||||
log files are in the /var/log directory, so the access to search the /var/log
|
||||
directory is also given by the interface. The gen_requires() macro is used to
|
||||
support loadable policy modules, and must explicitly list the type, attributes,
|
||||
object classes, and permissions used by this interface.
|
||||
support loadable policy modules, and must explicitly list the type and attributes
|
||||
used by this interface. If object classes of a userland object manager are used,
|
||||
the class and the permissions used by the interface must also be listed.
|
||||
</p>
|
||||
|
|
Loading…
Reference in New Issue