From: dtdevore64@yahoo.com (Dan)
Date: Sun, 13 Dec 2015 00:38:09 -0500
Subject: [refpolicy] refpolicy interface help
Message-ID: <566D0441.8060600@yahoo.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello all,

I am confining the application emacs using the SELinux refpolicy and I seem to be stuck on one little part. I get this one audit2allow rule that says

    allow emacs_t user_home_t:file { rename write create read open };

Now my problem with that rule is that I don't want my application to write or create files with the user_home_t, so I decided to use an interface. The interfaces I used are these below:

    userdom_user_home_dir_filetrans(emacs_t, emacs_home_t, dir, ".emacs.d")
    userdom_user_home_content_filetrans(emacs_t, emacs_home_t, { file dir lnk_file })

But the problem is that when I added these into my policy and tried to do an audit2allow on the most recent time and date, the denial was still there for some odd reason, and I don't know what interface, macro, or whatever to use to get rid of the denial

    allow emacs_t user_home_t:file { rename write create read open };

Any help would be much appreciated.

Thanks.