From: domg472@gmail.com (Dominick Grift)
Date: Fri, 17 Jul 2009 12:21:32 +0200
Subject: [refpolicy] new policy: rtorrent
In-Reply-To: <20090717091335.GB1884@squirrel.roonstrasse.net>
References: <20090709095817.GA7703@squirrel.roonstrasse.net> <1247577749.31521.53.camel@gorn.columbia.tresys.com> <20090717091335.GB1884@squirrel.roonstrasse.net>
Message-ID: <1247826092.19628.23.camel@notebook2.grift.internal>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, 2009-07-17 at 11:13 +0200, Max Kellermann wrote:
> On 2009/07/14 15:22, "Christopher J. PeBenito" wrote:
> > If there is some default or suggested location in rtorrent's docs, then
> > that would be the best choice.
>
> Unfortunately, there is none. rtorrent defaults to the current
> directory.
>
> > > dontaudit rtorrent_t etc_t:file read_file_perms;
> >
> > Referring to other module's types by name is not allowed.
>
> During my work with the refpolicy, I've been confused many times, and
> with each release, new styles get adopted, new rules are set. Where
> can I find documentation? There is a lot of outdated
> selinux/refpolicy documentation on the net, but it's very hard to find
> something which is still valid today.

You could maybe solve this by patching a new interface to files.if

########################################
## <summary>
##	Do not audit attempts to read files
##	in /etc that are generic
## </summary>
## <param name="domain">
##	<summary>
##	Domain to not audit.
##	</summary>
## </param>
#
interface(`files_dontaudit_read_etc_files',`
	gen_require(`
		type etc_t;
	')

	dontaudit $1 etc_t:file { getattr read };
')

And call that from your rtorrent.te file:

files_dontaudit_read_etc_files(rtorrent_t)

I have been considering writing some guidelines to refpolicy style
requirements, but I also still make mistakes...

Style issues can be learned by *carefully* studying refpolicy.

> Max
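
A small lint for the rule quoted in this thread ("Referring to other module's types by name is not allowed"), as an added example that is not part of the original message or of refpolicy: it flags access-vector rules in a .te file that name a type or attribute the module did not declare itself. The function name, the regexes and the sample module are constructed for illustration, and only allow/dontaudit/auditallow/neverallow rules are inspected.

```python
import re

# Constructed sample module: the rule from the thread plus the suggested
# interface call that replaces it.
SAMPLE_TE = """\
policy_module(rtorrent, 1.0.0)

type rtorrent_t;
type rtorrent_exec_t;

dontaudit rtorrent_t etc_t:file read_file_perms;
allow rtorrent_t self:process signal;
allow rtorrent_t rtorrent_exec_t:file { getattr read };
files_dontaudit_read_etc_files(rtorrent_t)
"""

# "type foo_t;", "type foo_t, attr;", "attribute foo;" declared by this module.
DECL_RE = re.compile(r"^\s*(?:type|attribute)\s+(\w+)[^;]*;", re.M)
# Source and target of an AV rule are everything between the keyword and ':'.
RULE_RE = re.compile(
    r"^\s*(allow|dontaudit|auditallow|neverallow)\s+([^;:]+):", re.M)
# Types pulled in through gen_require() belong to another module.
GEN_REQUIRE_RE = re.compile(r"gen_require\(`.*?'\)", re.S)
IDENT_RE = re.compile(r"[A-Za-z_]\w*")


def foreign_type_refs(te_source):
    """Return [(line_no, rule_keyword, [names])] for AV rules that name
    a type or attribute not declared in this module."""
    text = re.sub(r"#.*", "", te_source)  # drop comments
    # Blank out gen_require blocks but keep their newlines so that
    # reported line numbers still match the file.
    text = GEN_REQUIRE_RE.sub(lambda m: "\n" * m.group(0).count("\n"), text)
    local = set(DECL_RE.findall(text)) | {"self"}
    findings = []
    for m in RULE_RE.finditer(text):
        names = [n for n in IDENT_RE.findall(m.group(2)) if n not in local]
        if names:
            line_no = text.count("\n", 0, m.start(1)) + 1
            findings.append((line_no, m.group(1), names))
    return findings


if __name__ == "__main__":
    for line_no, keyword, names in foreign_type_refs(SAMPLE_TE):
        print(f"line {line_no}: {keyword} rule names foreign type(s): "
              f"{', '.join(names)}; use an interface instead")
```
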