Stephen,
Thanks.
This particular system is running 'stock' selinux-policy-strict files (i.e.,
selinux-policy-strict-sources is installed, but not modified).
From your response (and from my reading of the developments on selinux@xxxxxxxxxxxxx), I'm guessing that the best thing to do is just wait for the other rpm's to 'catch up'.
It appears that the 'yum' process left me with my current policy.18
file (dated Aug-1) and a policy.18.rpmnew (dated Aug-8) (from
the selinux-policy-strict package, I believe), so I'm guessing
I have 'valid' policy files for the 'current' (i.e., selinux-policy-strict-1.15.11)
and the 'new' (i.e., selinux-policy-strict-1.15.13) environments.
I should have enough to 'keep running' until the new packages
come (Thanks Dan!).
thanks again, tom
------------------------------------------------------------------------
From: Stephen Smalley <sds epoch ncsc mil>

On Mon, 2004-08-09 at 11:46, Tom London wrote:
> Seems to be an error in the latest selinux-policy-strict-sources from Rawhide:
> tom
>
> selinux-policy-strict-sources 100 % done 67/459
> make: Entering directory `/etc/selinux/strict/src/policy'
> mkdir -p /etc/selinux/strict/policy
> /usr/bin/checkpolicy -o /etc/selinux/strict/policy/policy.18 policy.conf
> /usr/bin/checkpolicy: loading policy configuration from policy.conf
> domains/user.te:70:ERROR 'syntax error' at token ')' on line 43573:
> #line 70
> if () {
> /usr/bin/checkpolicy: error(s) encountered while parsing configuration
> make: *** [/etc/selinux/strict/policy/policy.18] Error 1
> make: Leaving directory `/etc/selinux/strict/src/policy'

Side effect of converting many of the compile-time tunables to runtime booleans - if you have a customized tunables.tun file, then it is left intact by rpm, and m4 ends up defining away the boolean in the policy sources. If you have customized your tunables, then move aside your tunable.tun file and replace it with the .rpmnew file and then customize it again. You'll also need a /etc/selinux/$SELINUXTYPE/booleans file to customize the booleans (but I don't think Dan has built a policycoreutils yet that includes the updated load_policy to pull boolean settings from it).

--
Stephen Smalley <sds epoch ncsc mil>
National Security Agency
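
A pre-build check for the failure discussed in this thread, added here as an example and not taken from either message or from the policy packages. It assumes the m4-expanded policy.conf carries `#line N` markers like the one visible in the checkpolicy error output; the boolean name, types and rules in the sample are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): find conditionals left empty by m4
# and config files that still have an unmerged .rpmnew beside them.

# Print "source:line: text" for each conditional whose boolean expression is
# empty in an expanded policy.conf, using "#line N [file]" markers to map the
# hit back to the .te source.
find_empty_conditionals() {
    awk '
        BEGIN { src = "?" }
        /^#line[ \t]+[0-9]+/ {
            srcline = $2 - 1                 # the marker numbers the NEXT line
            if (NF >= 3) { src = $3; gsub(/"/, "", src) }
            next
        }
        { srcline++ }
        /^[ \t]*if[ \t]*\([ \t]*\)/ { printf "%s:%d: %s\n", src, srcline, $0 }
    ' "$1"
}

# List files under DIR for which rpm left a .rpmnew that was never merged.
pending_rpmnew() {
    find "$1" -type f -name '*.rpmnew' | sort | sed 's/\.rpmnew$//'
}

# Constructed sample tree (hypothetical boolean name, types and rules).
write_sample() {
    mkdir -p "$1/src/policy"
    : > "$1/src/policy/tunables.tun"
    : > "$1/src/policy/tunables.tun.rpmnew"
    cat > "$1/src/policy/policy.conf" <<'EOF'
#line 68 "domains/user.te"
bool example_bool false;
allow example_t self:process signal;
#line 70
if () {
allow example_t example_exec_t:file execute;
}
#line 12 "domains/other.te"
if (example_bool) {
allow example_t example_tmp_t:file read;
}
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp"
find_empty_conditionals "$tmp/src/policy/policy.conf"
pending_rpmnew "$tmp"
rm -rf "$tmp"
```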