Hi,
I created my own basic policy:
Code:
module mypolicy 1.0.0;
require {
    type user_t;
    role user_r;
    class file { getattr execute read open ioctl entrypoint };
    class process { transition sigkill sigstop signull signal getattr };
}
type mytype_t;
type mytype_exec_t;
allow mytype_t mytype_exec_t:file { entrypoint };
allow user_t mytype_t:process { transition sigkill sigstop signull signal getattr };
allow user_t mytype_t:file { getattr execute read open ioctl };
type_transition user_t mytype_exec_t:process mytype_t;
role user_r types mytype_t;
When I install it with semodule -i, I get an error:
Code:
libsepol.check_assertion_helper: neverallow violated by allow user_t mytype_t:process { transition sigkill sigstop signull signal getattr };
libsemanage.semanage_expand_sandbox: Expand module failed
semodule: Failed!
What am I doing wrong? Which rule is preventing me from installing the above policy?