update with change to how classes are handled in gen_require

2005-09-22 21:56:50 +00:00 · 2005-09-22 21:56:50 +00:00 · 1d85c7a7c6
parent 5561135dd2
commit 1d85c7a7c6
1 changed files with 3 additions and 6 deletions
--- a/www/html/getting-started.html
+++ b/www/html/getting-started.html
@ -85,9 +85,6 @@ documentation. Create myapp.if and add the following:
 interface(`myapp_domtrans',`
 	gen_requires(`
 		type myapp_t, myapp_exec_t;
-		class fd use;
-		class process sigchld;
-		class fifo_file rw_file_perms;
 	')

 	domain_auto_trans($1,myapp_exec_t,myapp_t)
@ -107,7 +104,6 @@ interface(`myapp_domtrans',`
 interface(`myapp_read_log',`
 	gen_requires(`
 		type myapp_log_t;
-		class file r_file_perms;
 	')

 	logging_search_logs($1)
@ -123,6 +119,7 @@ transition to myapp_t, by executing a program labeled myapp_exec_t.
 The second interface allows other domains to read myapp's log files.  Myapp's
 log files are in the /var/log directory, so the access to search the /var/log
 directory is also given by the interface.  The gen_requires() macro is used to
-support loadable policy modules, and must explicitly list the type, attributes,
-object classes, and permissions used by this interface.
+support loadable policy modules, and must explicitly list the type and attributes
+used by this interface.  If object classes of a userland object manager are used,
+the class and the permissions used by the interface must also be listed.
 </p>