Score:1

Error while customizing selinux policy for domain


I am following the steps outlined under this link to customize selinux policy for specific domains (types).

For the domain systemd_tmpfiles_t, I get the following suggestion from audit2allow for a denial logged:

require{
        type default_t;
        type systemd_tmpfiles_t;
        class file map;
}

#================================systemd_tmpfiles_t=======================

#!!! This avc can be allowed using the boolean 'domain_can_mmap_files'
allow systemd_tmpfiles_t default_t:file map;

Based on the procedure outlined in the above link, I do

echo "allow systemd_tmpfiles_t default_t:file map" >> custom_rules.te

and get the following error:

ERROR 'unknown type default_t'

I had generated the custom_rules.te by means of the following command:

sepolicy generate --customize -d systemd_tmpfiles_t -n custom_rules.te

And in the generated custom_rules.te, I can see only the following rule:

gen_require('
             type systemd_tmpfiles_t
')

How can I resolve this issue caused by the type default_t not being known to the generated custom_rules.te?

Appreciate your thoughts.

TIA

Score:0

The default_t type is missing from your generated custom_rules.te file.

You should open custom_rules.te and modify the gen_require block like this:

gen_require(`
    type systemd_tmpfiles_t;
    type default_t;
')

Then save the file and compile again like this:

make -f /usr/share/selinux/devel/Makefile custom_rules.pp
sudo semodule -i custom_rules.pp
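
An added example, not part of the original answer: a small Python check that lists the types referenced by allow-style rules in a .te file but never named in a type statement, which is the condition behind the 'unknown type default_t' error. The sample .te text is constructed from the question, and the function names are hypothetical.

```python
import re

# Constructed sample: a custom_rules.te like the one in the question, after
# the allow rule was appended but before default_t was added to gen_require.
SAMPLE_TE = """\
gen_require(`
    type systemd_tmpfiles_t;
')
#!!! This avc can be allowed using the boolean 'domain_can_mmap_files'
allow systemd_tmpfiles_t default_t:file map;
"""

TYPE_STMT = re.compile(r"\b(?:type|attribute)\s+([^;{}]+);")
RULE = re.compile(
    r"^\s*(?:allow|dontaudit|auditallow)\s+"
    r"(\{[^}]*\}|\S+)\s+(\{[^}]*\}|[^\s:]+)\s*:", re.M)

def strip_comments(text):
    """Drop '#' comments so commented-out rules are not analysed."""
    return re.sub(r"#.*", "", text)

def known_types(text):
    """Names introduced by 'type'/'attribute' statements (require blocks or
    local declarations). Comma lists are split, which over-approximates."""
    names = set()
    for stmt in TYPE_STMT.findall(strip_comments(text)):
        names.update(n.strip() for n in stmt.split(",") if n.strip())
    return names

def used_types(text):
    """Source and target identifiers referenced by allow-style rules."""
    used = set()
    for src, tgt in RULE.findall(strip_comments(text)):
        for field in (src, tgt):
            for name in field.strip("{}").split():
                used.add(name.lstrip("-~"))
    return used - {"self", "*", ""}

def undeclared_types(text):
    """Types a rule references that no require/declaration makes known."""
    return sorted(used_types(text) - known_types(text))

if __name__ == "__main__":
    print(undeclared_types(SAMPLE_TE))
```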