On Tuesday 09 November 2004 03:40, Tom London selinux@gmail.com wrote:
Adding allow kudzu_t memory_device_t:chr_file { read write }; produces
/usr/bin/checkpolicy: loading policy configuration from policy.conf security: 5 users, 6 roles, 1323 types, 31 bools security: 53 classes, 313479 rules assertion on line 269956 violated by allow kudzu_t memory_device_t:chr_file { read write };
"head -269956 policy.conf |tail -1" gives the following: neverallow { domain -privmem } memory_device_t:{ chr_file blk_file } { read write append };
The solution is to add the privmem attribute to the declaration of kudzu_t: daemon_base_domain(kudzu, `, etc_writer, privmodule, sysctl_kernel_writer, fs_domain, privmem')