[Seedit-devel] create domain
Yuichi Nakamura
himainu-ynakam at miomio.jp
Wed May 14 13:57:33 BST 2008
Hi.
> I think I have to prepare new syntax like below.
> domain foo_t;
> program_entry_force /bin/foo;
I have prepared this syntax.
I have committed it to the svn tree and you can test it.
You can obtain the source from svn with the command below.
svn co https://seedit.svn.sourceforge.net/svnroot/seedit/trunk
On Wed, 14 May 2008 21:19:24 +0900
Yuichi Nakamura <himainu-ynakam at miomio.jp> wrote:
> Hi.
>
> On Tue, 13 May 2008 17:39:03 -0700 (PDT)
> run zhang <zhang4run at yahoo.com> wrote:
>
> > Thanks for quick response.
> > 1. That means, at least, I can define a domain for each subdir right now.
> Great.
>
> > 2. Can you give some hints on the hacking? I am using 2.2.0.
> Yes, seedit generates SELinux policy under sepolicy/generated.conf.
> generated.conf is configured using macros under the macros dir.
> Domain transition is configured like below.
>
> domain_auto_trans(unconfined_domain,sbin_syslogd_t,syslogd_t)
> syslog is assigned the "syslogd_t" domain if /sbin/syslogd is executed
> from an unconfined domain.
>
> If you replace "unconfined_domain" with "domain", and convert
> generated.conf to binary policy,
> syslog will be assigned syslogd_t when executed from any programs.
>
> I think I have to prepare new syntax like below.
> domain foo_t;
> program_entry_force /bin/foo;
>
> then
> domain_auto_trans(domain,bin_foo_t,foo_t)
> is generated.
>
>
> > BTW, I am using it on an embedded device. I use the simplified_policy.min, and the base_policy has system_u, root, and user_u. How can I configure a single-user, single-role policy? (I think this is the case in most embedded environments.)
> > Thanks!
> I am glad to hear that people are trying seedit on embedded devices.
> I think what you want is the default configuration of simplified_policy.min.
> RBAC is not configured by default.
>
> And can I forward this email to the mailing list?
>
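
An added example, not part of the original message or of seedit's own code: a Python check that lists which `domain_auto_trans` rules in a generated.conf are entered from any domain (the effect described for `program_entry_force`) and which are entered from `unconfined_domain` only. The naming rule in `entry_type`, the function names and the sample input are assumptions inferred from the two examples in the thread.

```python
import re

# Matches the macro call form shown in the thread:
#   domain_auto_trans(source, entrypoint_type, target_domain)
RULE = re.compile(r"^\s*domain_auto_trans\(\s*(\w+)\s*,\s*(\w+)\s*,\s*(\w+)\s*\)")

def entry_type(path):
    # Assumed naming, inferred only from the thread's two examples:
    # /sbin/syslogd -> sbin_syslogd_t, /bin/foo -> bin_foo_t
    return re.sub(r"\W", "_", path.strip("/")) + "_t"

def expected_rule(domain, path, force):
    # program_entry_force gives source "domain" (any caller); the rule
    # quoted for syslogd uses "unconfined_domain" instead.
    source = "domain" if force else "unconfined_domain"
    return f"domain_auto_trans({source},{entry_type(path)},{domain})"

def audit(conf_text):
    """Split transitions into those entered from any domain and the rest."""
    forced, scoped = [], []
    for line in conf_text.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # comments and non-transition rules are skipped
        source, entry, target = m.groups()
        (forced if source == "domain" else scoped).append((entry, target))
    return forced, scoped

# Constructed sample, not taken from a real generated.conf
SAMPLE = """\
# constructed excerpt
domain_auto_trans(unconfined_domain,sbin_syslogd_t,syslogd_t)
domain_auto_trans(domain,bin_foo_t,foo_t)
allow foo_t self:process signal;
"""

if __name__ == "__main__":
    forced, scoped = audit(SAMPLE)
    print("entered from any domain:", forced)
    print("entered from unconfined_domain only:", scoped)
```

Reviewing the first list after each policy build shows every program that any domain, confined or not, can transition into.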