rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Updates.

Browse Source
This commit is contained in:
Karl MacMillan 2005-06-15 21:19:06 +00:00
parent 45d25ff075
commit 5ba9f0b643
2 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
www/html/contributing.html
View File

@ -0,0 +1,4 @@
<h1>Contributing</h1>
<p>
If you are interested in working on refpolicy feel free to contact the developers at either <a mailto="selinux@tresys.com">selinux@tresys.com</a> or on the <A href="http://www.nsa.gov/selinux/info/list.cfm?MenuID=41.1.1.9">SELinux mailing list</A>. All public development related discussion happens on the SELinux mailing list.
</p>

10
www/html/getting-started.html
View File

@ -11,7 +11,7 @@ Modules should be placed in refpolicy/policy/LAYER, where LAYER is the name of t
</p>
<h3>Module TE Policy</h3>
<p>
First, let's create myapp.te and add the following:
First create myapp.te and add the following:
<div id="codeblock">
<pre>
# Private type declarations
@ -38,19 +38,20 @@ allow myapp_t myapp_log_t:file ra_file_perms;
allow myapp_t myapp_tmp_t:file create_file_perms;
</pre>
</div>
This allows myapp_t to write to it's private types, but it needs to be able to
create its temporary files in /tmp. This requires a call to the files module.
<p>This allows myapp_t to write to it's private types, but it needs to be able to
create its temporary files in /tmp. This requires a call to the files module.</p>
<div id="codeblock">
<pre>
files_create_tmp_files(myapp_t,myapp_tmp_t,file)
</pre>
</div>
<p>
This call to the files module allows myapp_t to create myapp_tmp_t files in
the /tmp directory.
</p>
<h3>Module IF Policy</h3>
<p>
First, let's create myapp.if and add the following:
The interface file creates the macros that other modules will use to gain access to my resources. This allows the module that created the type or attribute to define appropriate uses. Additionally, it provides a single point for documentation. Create myapp.if and add the following:
<div id="codeblock">
<pre>
## &lt;module name="myapp" layer="apps"&gt;
@ -102,6 +103,7 @@ define(`myapp_read_log',`
## &lt;/module&gt;
</pre>
</div>
<p>
The first interface allows other domains to do a domain
transition to myapp_t, by executing a program labeled myapp_exec_t.
</p>