From: dtdevore64@yahoo.com (Dan)
Date: Mon, 14 Dec 2015 21:56:24 -0500
Subject: [refpolicy] refpolicy interface help
In-Reply-To: <566ED8D9.1060803@tresys.com>
References: <566D0441.8060600@yahoo.com> <566ED8D9.1060803@tresys.com>
Message-ID: <566F8158.7000407@yahoo.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Yes, I labeled everything correctly, my .emacs.d directory and everything
underneath it is labeled emacs_home_t and I have labeled my emacs binary
with the emacs_exec_t.

On 12/14/2015 09:57 AM, Christopher J. PeBenito wrote:
> On 12/13/2015 12:38 AM, Dan wrote:
>> Hello all, I am confining the application emacs using the selinux
>> refpolicy and I seem to be stuck on one little part. I get this one
>> audit2allow rule that says allow emacs_t user_home_t:file { rename write
>> create read open };
>>
>> Now my problem with that rule is that I don't want my application to
>> write or create files with the user_home_t, so I decided to use an
>> interface. The interfaces I used are these below:
>>
>> userdom_user_home_dir_filetrans(emacs_t, emacs_home_t, dir, ".emacs.d")
>>
>> userdom_user_home_content_filetrans(emacs_t, emacs_home_t, { file dir
>> lnk_file })
>>
>> But the problem is when I added these into my policy and when trying to
>> do an audit2allow on the most recent time and date the denial was still
>> there for some odd reason and I don't know what interface, macro, or
>> whatever to use to get rid of the denial allow emacs_t user_home_t:file
>> { rename write create read open }; Any help would be much appreciated.
>
> Did you relabel the existing files and directories? Adding a filetrans
> will only affect the label of new files/dirs being created.
>
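
Added example, not part of the original thread: one way to see which objects are behind a remaining `emacs_t` to `user_home_t` denial is to group the raw AVC records by object name instead of reading only the merged audit2allow rule. The log lines, file names and the `denials_by_object` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample audit records (illustrative, not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1450148184.101:410): avc:  denied  { write } for  pid=2101 comm="emacs" name="notes.txt" dev="sda1" ino=131 scontext=user_u:user_r:emacs_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1450148184.205:411): avc:  denied  { read open } for  pid=2101 comm="emacs" name="notes.txt" dev="sda1" ino=131 scontext=user_u:user_r:emacs_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1450148190.007:415): avc:  denied  { create } for  pid=2101 comm="emacs" name="#notes.txt#" scontext=user_u:user_r:emacs_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1450148191.300:416): avc:  denied  { getattr } for  pid=2101 comm="emacs" path="/home/user/.emacs.d/init.el" dev="sda1" ino=140 scontext=user_u:user_r:emacs_t:s0 tcontext=user_u:object_r:emacs_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1450148191.300:416): arch=c000003e syscall=4 success=no exit=-13
"""

# Pull the permission set, object name/path, both contexts and the class
# out of one AVC denial record.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'(?:name|path)="(?P<obj>[^"]*)".*?'
    r'scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)')


def denials_by_object(log, source_type, target_type):
    """Map (object, class) -> denied permissions for one source/target type pair."""
    found = defaultdict(set)
    for line in log.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial (e.g. the SYSCALL record)
        # A context is user:role:type:level; the type is the third field.
        if m["s"].split(":")[2] != source_type:
            continue
        if m["t"].split(":")[2] != target_type:
            continue
        found[(m["obj"], m["cls"])].update(m["perms"].split())
    return dict(found)


if __name__ == "__main__":
    for (obj, cls), perms in denials_by_object(
            SAMPLE_LOG, "emacs_t", "user_home_t").items():
        print(f"{cls:5} {obj:15} {' '.join(sorted(perms))}")
```

For a `create` denial, tcontext is the label the new file would have received, so `user_home_t` there means no type transition applied to that creation; denials on names that already exist show files that currently carry that label.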