[systemd-devel] SELinux type transition rule not working

Ian Pilcher arequipeno at gmail.com
Fri Mar 3 15:44:18 UTC 2017


On 03/02/2017 09:13 AM, Simon Sekidde wrote:
> I assume this would be a pid file?

You assume correctly.

> If so then what you are probably looking for is a filename_trans rule
> and will require a new interface in squid.if for this.
>
> Try something like
>
> interface(`squid_filetrans_named_content',`
>         gen_require(`
>                 type squid_var_run_t;
>         ')
>
>         files_pid_filetrans($1, squid_var_run_t, dir, "squozy")
> ')

Not sure where squid came from.  The service is one of my own making
called "squoxy" (short for "Squeezebox proxy").  Its purpose is to
forward Squeezebox discovery broadcast packets from one network to
another.

So I assume that I would need to add something like this to my policy
module:

   files_pid_filetrans(var_run_t, squoxy_var_run_t, dir, "squoxy")

(I'm guessing at what to put in for $1.)

>> Hmm, so the relevant code in systemd actually labels the dir after
>> creating it after an selinux database lookup, so from our side all
>> should be good:
>>
>> https://github.com/systemd/systemd/blob/master/src/core/execute.c#L1857
>>
>>
>> (specifically, we call mkdir_p_label() instead of plain mkdir_p()
>> there)

And this is working now, presumably after a reboot?  I do so love
non-deterministic computers.  :-/

-- 
========================================================================
Ian Pilcher                                         arequipeno at gmail.com
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================
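An added example, not Simon's or Ian's policy and not from the thread: a minimal hypothetical module for the squoxy service showing the two ways /run/squoxy can end up labelled squoxy_var_run_t. The file-context entry is what systemd's mkdir_p_label() looks up when RuntimeDirectory= creates the directory; the files_pid_filetrans rules are the name-based transition Simon describes, and their first argument is the creating process domain, not a file type. The names squoxy_t, squoxy_exec_t, squoxy_var_run_t, the path /run/squoxy, and the choice of init_t as the domain that creates the directory are assumptions; a plain require block is used instead of a new interface for brevity.

```selinux
# --- squoxy.te (hypothetical module; all names are assumptions) ---
policy_module(squoxy, 1.0.0)

require {
	type init_t;
}

# Process domain for the daemon and the type of its executable.
type squoxy_t;
type squoxy_exec_t;
init_daemon_domain(squoxy_t, squoxy_exec_t)

# Type for the runtime directory and the pid file inside it.
type squoxy_var_run_t;
files_pid_file(squoxy_var_run_t)

# The daemon may create and manage its pid file under /run/squoxy.
manage_dirs_pattern(squoxy_t, squoxy_var_run_t, squoxy_var_run_t)
manage_files_pattern(squoxy_t, squoxy_var_run_t, squoxy_var_run_t)

# Name-based transitions: a directory named "squoxy" created directly under
# /run (var_run_t) by the given domain is labelled squoxy_var_run_t at
# creation time, with no restorecon needed.  init_t is assumed because systemd
# (RuntimeDirectory=squoxy) is the process that normally creates it; the
# second rule covers the daemon creating the directory itself.
files_pid_filetrans(init_t, squoxy_var_run_t, dir, "squoxy")
files_pid_filetrans(squoxy_t, squoxy_var_run_t, dir, "squoxy")

# --- squoxy.fc (hypothetical; paths are assumptions) ---
# This is the "selinux database" entry that mkdir_p_label() consults, so it
# must exist even when the filetrans rules above are present.
/usr/sbin/squoxy	--	gen_context(system_u:object_r:squoxy_exec_t,s0)
/run/squoxy(/.*)?		gen_context(system_u:object_r:squoxy_var_run_t,s0)
```

Build and load with `make -f /usr/share/selinux/devel/Makefile squoxy.pp && semodule -i squoxy.pp`, then confirm with `ls -dZ /run/squoxy` after the unit starts; a wrong label there with the module loaded usually means the .fc entry is missing or does not match the path systemd actually creates.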

