On Thu, 2012-02-02 at 18:36 -0500, Maria Iano wrote:
I just noticed that I missed some duplicates. Here is a slightly shorter list. Now I know I can attach them so I won't paste them in again.
Alright. I have cleaned up my policy patch as well. It was very late last night when i did it (or early this morning) There were some dupes, typo's and other issues. Generally it was just a mess.
This is what your mylikewise.te file should look like: (except for the line breaks, that is due to my e-mail client)
policy_module(mylikewise, 1.0.0)
optional_policy(` gen_require(` attribute likewise_domains; type lwiod_t, netlogond_t, netlogond_var_socket_t, likewise_var_lib_t; type lsassd_t, lwsmd_t, netlogond_var_lib_t, likewise_krb5_ad_t, eventlogd_t; ')
stream_connect_pattern(lwiod_t, likewise_var_lib_t, netlogond_var_socket_t, netlogond_t)
kernel_read_system_state(likewise_domains) domain_dontaudit_search_all_domains_state(lsassd_t)
allow lwsmd_t likewise_var_lib_t:file write_file_perms; allow lwsmd_t { netlogond_var_lib_t likewise_krb5_ad_t }:file read_file_perms;
allow eventlogd_t likewise_var_lib_t:file rw_file_perms;
allow lwsmd_t self:process setpgid; allow lwiod_t self:process setrlimit; allow lwiod_t self:capability sys_resource; ')
..
To build it:
make -f /usr/share/selinux/devel/Makefile mylikewise.pp
to install it:
sudo semodule -i mylikewise.pp