update with change to how classes are handled in gen_require

Chris PeBenito 2005-09-22 21:56:50 +00:00
parent 5561135dd2
commit 1d85c7a7c6
1 changed files with 3 additions and 6 deletions


@ -85,9 +85,6 @@ documentation. Create myapp.if and add the following:
interface(`myapp_domtrans',`
gen_requires(`
type myapp_t, myapp_exec_t;
class fd use;
class process sigchld;
class fifo_file rw_file_perms;
')
domain_auto_trans($1,myapp_exec_t,myapp_t)
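Review bot: The macro name is inconsistent. The require block in myapp_domtrans is spelled gen_requires(`, while the commit subject calls it gen_require. Please confirm which spelling the policy support macros actually define and use it in the example and the prose, since readers copy this block into myapp.if verbatim.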
@ -107,7 +104,6 @@ interface(`myapp_domtrans',`
interface(`myapp_read_log',`
gen_requires(`
type myapp_log_t;
class file r_file_perms;
')
logging_search_logs($1)
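Review bot: With "class file r_file_perms;" dropped from myapp_read_log, neither example interface shows a class in its require block any more, and nothing next to the examples says why fd, process, fifo_file and file can be left out. A short sentence beside the examples stating that these are kernel object classes and so are not listed would keep readers of older copies of this page from adding the lines back.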
@ -123,6 +119,7 @@ transition to myapp_t, by executing a program labeled myapp_exec_t.
The second interface allows other domains to read myapp's log files. Myapp's
log files are in the /var/log directory, so the access to search the /var/log
directory is also given by the interface. The gen_requires() macro is used to
support loadable policy modules, and must explicitly list the type, attributes,
object classes, and permissions used by this interface.
support loadable policy modules, and must explicitly list the type and attributes
used by this interface. If object classes of a userland object manager are used,
the class and the permissions used by the interface must also be listed.
</p>
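Review bot: The new paragraph text gives only the exception ("If object classes of a userland object manager are used, ...") and never states the rule it modifies, namely that kernel object classes no longer need to be listed. Suggest saying that explicitly and naming one userland object manager class as an illustration, since the term is not defined anywhere in the visible text. Also, "list the type and attributes" should read "list the types and attributes", since myapp_domtrans above requires two types.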