Stephen Smalley wrote:
> On Mon, 2006-02-20 at 07:44 -0700, gf wrote:
> > Hi,
> > I am trying to update the httpd policy in selinux to allow access to port 8443.
> > I thought that I could add the line
> > portcon tcp 8443 system_u:object_r:http_port_t
> > to the file
> > /etc/selinux/targeted/src/policy/net_contents
> > and recompile.
> >
> > My first step was to download the sources:
> > selinux-policy-targeted-sources-1.17.30-2.110.rpm
> > and install.
> >
> > To check whether or not everything was working, I tried the following
> > without altering any files:
> >
> > [$ /etc/selinux/targeted/src/policy]:make load
> > mkdir -p /etc/selinux/targeted/policy
> > /usr/bin/checkpolicy -o /etc/selinux/targeted/policy/policy.18 policy.conf
> > /usr/bin/checkpolicy: loading policy configuration from policy.conf
> > tmp/program_used_flags.te:2:ERROR 'syntax error' at token
> > '/etc/selinux/targeted/src/policy/domains/program' on line 1164:
> > /etc/selinux/targeted/src/policy/domains/program
> > #line 1 "tmp/program_used_flags.te"
> > /usr/bin/checkpolicy: error(s) encountered while parsing configuration
> > make: *** [/etc/selinux/targeted/policy/policy.18] Error 1
>
> Sounds like a bug in the policy Makefile in the generation of the
> policy.conf file, as that string
> ('/etc/selinux/targeted/src/policy/domains/program') shouldn't appear in
> it. Provide more context please, e.g. the lines around line 1164 of the
> policy.conf file.

I've just come across this error myself. I've got two updated FC4 machines here both doing the same thing. Turns out it's a 'cd' in the Makefile that is echoing the new directory and getting caught up in the destination file. The odd thing is that my shell setup has never had cd echoing the destination (it would annoy me - if I've just cd'd, I know where to!), so this must be something from Fedora.

Anyhow, the attached patch fixes it for me. Any chance this can make it upstream?

[Stephen, thanks for the clue that led me to find this!]
Cheers, Martin.
--- Makefile.orig 2006-03-22 11:38:22.000000000 +0000 +++ Makefile 2006-03-22 11:38:51.000000000 +0000 @@ -205,8 +205,8 @@ tmp/program_used_flags.te: $(wildcard domains/program/*.te) domains/program @mkdir -p tmp - ( cd domains/program/ ; for n in *.te ; do echo "define(\`$$n')"; done ) > $@.tmp - ( cd domains/misc/ ; for n in *.te ; do echo "define(\`$$n')"; done ) >> $@.tmp + ( cd domains/program/ >/dev/null ; for n in *.te ; do echo "define(\`$$n')"; done ) > $@.tmp + ( cd domains/misc/ >/dev/null; for n in *.te ; do echo "define(\`$$n')"; done ) >> $@.tmp mv $@.tmp $@ FILESYSTEMS=`mount | grep -v "context=" | egrep -v '\((|.*,)bind(,.*|)\)' | awk '/(ext[23]| xfs| jfs | reiserfs ).*rw/{print $$3}';`
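Review bot: In both changed lines the cd is still followed by ';', so if "cd domains/program/" (or "cd domains/misc/") fails, the "for n in *.te" loop runs in whatever directory the subshell is already in and its output still lands in $@.tmp; chain the loop with '&&' instead. Redirecting to /dev/null hides the echoed path but not its cause: a POSIX shell prints the directory after cd when the target was resolved through CDPATH, so writing "cd ./domains/program/ && for ..." (a leading ./ skips the CDPATH lookup) or clearing CDPATH at the top of the Makefile would both stop the echo and guarantee the loop runs in the intended directory. Minor: the second line has ">/dev/null;" without the space used on the first.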
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
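The failure diagnosed in the message above, reproduced as an added example (not part of the original post or the policy Makefile). It assumes the echo comes from CDPATH being set, the case in which POSIX shells print the directory after cd; the thread does not say what set it. The temporary tree, the file names and the functions make_tree, gen_flags and stray_lines are constructed for the illustration.

```shell
#!/bin/sh
# Constructed reproduction in a throwaway tree; not the real policy sources.

make_tree() {   # create a sample domains/program/ tree and print its root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/domains/program"
    : > "$root/domains/program/apache.te"
    : > "$root/domains/program/named.te"
    echo "$root"
}

# gen_flags ROOT MODE: emit the m4 defines that the Makefile rule redirects
# into tmp/program_used_flags.te.
#   MODE "orig": the rule's subshell as shipped (cd dir ; for ...)
#   MODE "safe": ./ prefix skips the CDPATH lookup, && stops if cd fails
gen_flags() {
    (
        cd "$1" || exit 1
        CDPATH="$1"     # assumption: the build environment has CDPATH set
        if [ "$2" = orig ]; then
            ( cd domains/program/ ; for n in *.te ; do echo "define(\`$n')"; done )
        else
            ( cd ./domains/program/ && for n in *.te ; do echo "define(\`$n')"; done )
        fi
    )
}

# Count output lines that are not define(...) entries; any such line ends up
# in policy.conf and is what checkpolicy rejects as a syntax error.
stray_lines() {
    gen_flags "$1" "$2" | grep -vc '^define(' || true
}

tree=$(make_tree)
echo "orig: $(stray_lines "$tree" orig) stray line(s)"
echo "safe: $(stray_lines "$tree" safe) stray line(s)"
rm -rf "$tree"
```

A check like stray_lines on the generated file before it is handed to checkpolicy catches this class of problem regardless of which command leaked output into the redirect.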