rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

update for xml changes

Browse Source
This commit is contained in:
Chris PeBenito 2005-07-01 16:39:21 +00:00
parent a7a9799d79
commit 16e8e265b2
1 changed files with 25 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
www/html/getting-started.html
View File

@ -51,22 +51,36 @@ the /tmp directory.
</p>
<h3>Module IF Policy</h3>
<p>
The interface file creates the macros that other modules will use to gain access to my resources. This allows the module that created the type or attribute to define appropriate uses. Additionally, it provides a single point for documentation. Create myapp.if and add the following:
The interface file creates the macros that other modules will use to gain access
to my resources. This allows the module that created the type or attribute to
define appropriate uses. Additionally, it provides a single point for
documentation. Create myapp.if and add the following:
<div id="codeblock">
<pre>
## &lt;module name="myapp" layer="apps"&gt;
## &lt;summary&gt;Myapp example policy&lt;/summary&gt;
## &lt;description&gt;More descriptive text about myapp&lt;/description&gt;
## &lt;desc&gt;
## &lt;p&gt;
## More descriptive text about myapp. The &lt;desc&gt;
## tag can also use &lt;p&gt;, &lt;ul&gt;, and &lt;ol&gt;
## html tags for formatting.
## &lt;/p&gt;
## &lt;p&gt;
## This policy supports the following myapp features:
## &lt;ul&gt;
## &lt;li&gt;Feature A&lt;/li&gt;
## &lt;li&gt;Feature B&lt;/li&gt;
## &lt;li&gt;Feature C&lt;/li&gt;
## &lt;/ul&gt;
## &lt;/p&gt;
## &lt;/desc&gt;
## &lt;interface name="myapp_domtrans"&gt;
## &lt;summary&gt;
## Execute a domain transition to run myapp.
## &lt;/summary&gt;
## &lt;parameter name="domain"&gt;
## &lt;param name="domain"&gt;
## Domain allowed to transition.
## &lt;/parameter&gt;
## &lt;/interface&gt;
define(`myapp_domtrans',`
## &lt;/param&gt;
interface(`myapp_domtrans',`
gen_requires(`
type myapp_t, myapp_exec_t;
class fd use;
@ -82,15 +96,13 @@ define(`myapp_domtrans',`
allow $1 myapp_t:process sigchld;
')
## &lt;interface name="myapp_read_log"&gt;
## &lt;summary&gt;
## Read myapp log files.
## &lt;/summary&gt;
## &lt;parameter name="domain"&gt;
## &lt;param name="domain"&gt;
## Domain allowed to read the log files.
## &lt;/parameter&gt;
## &lt;/interface&gt;
define(`myapp_read_log',`
## &lt;/param&gt;
interface(`myapp_read_log',`
gen_requires(`
type myapp_log_t;
class file r_file_perms;
@ -99,8 +111,6 @@ define(`myapp_read_log',`
logging_search_logs($1)
allow $1 myapp_log_t:file r_file_perms;
')
## &lt;/module&gt;
</pre>
</div>
<p>