Creating selinux modules
Mar 15th, 2007 by Kostas Georgiou
Here is how to compile and install an selinux module, since I’ll forget if I don’t save it somewhere (based on audit2allow -M mysaslauthd -i /var/log/audit/audit.log output).
# cat mysaslauthd.te
module mysaslauthd 1.0.8;
require {
class dir { search write add_name remove_name };
class file { getattr lock read write create rename unlink };
type krb5_keytab_t;
type saslauthd_t;
type tmp_t;
role system_r;
};
allow saslauthd_t krb5_keytab_t:file read;
allow saslauthd_t krb5_keytab_t:file lock;
allow saslauthd_t tmp_t:dir search;
allow saslauthd_t tmp_t:file { getattr read write create rename unlink };
allow saslauthd_t tmp_t:dir { search write add_name remove_name };
# checkmodule -M -m -o mysaslauthd.mod mysaslauthd.te
# semodule_package -o mysaslauthd.pp -m mysaslauthd.mod
# semodule -i mysaslauthd.pp
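
A quick review of what the module grants before running semodule -i, as an added example that is not part of the original post: it merges the allow rules per (source, target, class) and checks that every type, class and permission they use is declared in the require block. The helper name review and the regular expressions are assumptions of this sketch and only cover the simple audit2allow-style syntax shown above.

```python
import re
from collections import defaultdict

# The module source from the post, embedded so the example runs offline.
TE_SOURCE = """\
module mysaslauthd 1.0.8;
require {
class dir { search write add_name remove_name };
class file { getattr lock read write create rename unlink };
type krb5_keytab_t;
type saslauthd_t;
type tmp_t;
role system_r;
};
allow saslauthd_t krb5_keytab_t:file read;
allow saslauthd_t krb5_keytab_t:file lock;
allow saslauthd_t tmp_t:dir search;
allow saslauthd_t tmp_t:file { getattr read write create rename unlink };
allow saslauthd_t tmp_t:dir { search write add_name remove_name };
"""

CLASS_RE = re.compile(r"^\s*class\s+(\w+)\s+\{([^}]*)\}\s*;", re.M)
TYPE_RE = re.compile(r"^\s*type\s+(\w+)\s*;", re.M)
ALLOW_RE = re.compile(r"^\s*allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;", re.M)

# review() is a hypothetical helper, not part of the SELinux toolchain.
def review(te_text):
    """Return (merged allow rules, problems) for a simple audit2allow-style .te file."""
    classes = {m[1]: set(m[2].split()) for m in CLASS_RE.finditer(te_text)}
    types = set(TYPE_RE.findall(te_text))
    merged, problems = defaultdict(set), []
    for m in ALLOW_RE.finditer(te_text):
        src, tgt, cls = m[1], m[2], m[3]
        perms = set((m[4] or m[5] or "").split())
        for t in (src, tgt):
            if t not in types:
                problems.append(f"type {t} not declared in require")
        missing = perms - classes.get(cls, set())
        if missing:
            problems.append(f"{cls}: {sorted(missing)} not declared in require")
        merged[(src, tgt, cls)] |= perms
    return dict(merged), problems

if __name__ == "__main__":
    rules, problems = review(TE_SOURCE)
    for (src, tgt, cls), perms in sorted(rules.items()):
        print(f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};")
    for p in problems:
        print("PROBLEM:", p)
```

For the module above this prints three merged rules and no problems; the separate tmp_t:dir search rule collapses into the broader tmp_t:dir rule that follows it.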


