On Wed, 2006-03-22 at 11:52 +0000, Martin Ebourne wrote:
> Stephen Smalley wrote:
> > On Mon, 2006-02-20 at 07:44 -0700, gf wrote:
> > > Hi,
> > > I am trying to update the httpd policy in selinux to allow access to port 8443.
> > > I thought that I could add the line
> > > portcon tcp 8443 system_u:object_r:http_port_t
> > > to the file
> > > /etc/selinux/targeted/src/policy/net_contents
> > > and recompile.
> > >
> > > My first step was to download the sources:
> > > selinux-policy-targeted-sources-1.17.30-2.110.rpm
> > > and install.
> > >
> > > To check whether or not everything was working, I tried the following
> > > without altering any files:
> > >
> > > [$ /etc/selinux/targeted/src/policy]:make load
> > > mkdir -p /etc/selinux/targeted/policy
> > > /usr/bin/checkpolicy -o /etc/selinux/targeted/policy/policy.18 policy.conf
> > > /usr/bin/checkpolicy: loading policy configuration from policy.conf
> > > tmp/program_used_flags.te:2:ERROR 'syntax error' at token
> > > '/etc/selinux/targeted/src/policy/domains/program' on line 1164:
> > > /etc/selinux/targeted/src/policy/domains/program
> > > #line 1 "tmp/program_used_flags.te"
> > > /usr/bin/checkpolicy: error(s) encountered while parsing configuration
> > > make: *** [/etc/selinux/targeted/policy/policy.18] Error 1
> >
> > Sounds like a bug in the policy Makefile in the generation of the
> > policy.conf file, as that string
> > ('/etc/selinux/targeted/src/policy/domains/program') shouldn't appear in
> > it. Provide more context please, e.g. the lines around line 1164 of the
> > policy.conf file.
>
> I've just come across this error myself. I've got two updated FC4
> machines here both doing the same thing.
>
> Turns out it's a 'cd' in the Makefile that is echoing the new directory
> and getting caught up in the destination file. The odd thing is that my
> shell setup has never had cd echoing the destination (it would annoy me
> - if I've just cd'd, I know where to!), so this must be something from
> Fedora.
>
> Anyhow, the attached patch fixes it for me. Any chance this can make it
> upstream?
>
> [Stephen, thanks for the clue that led me to find this!]

Example policy is no longer maintained upstream (obsoleted by the
reference policy, which is the basis for policy in FC5). But you could
file a bugzilla against the FC4 policy to get it fixed there.

--
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
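The failure mode discussed in this thread, reproduced as an added example (it is not the attached patch, the policy Makefile, or anything posted by the participants): a generator step whose `cd` writes to stdout pollutes the file its output is redirected into. It assumes the echo is triggered by `CDPATH`, which the thread does not identify as the cause; the directory layout, the `demo.te` content and the function names are constructed.

```shell
#!/bin/sh
# Constructed demo of a build step that cd's into a source directory and has
# its stdout redirected into a generated file, as a Makefile recipe might.
# ASSUMPTION: the cd echo comes from CDPATH; the thread does not name the cause.

demo_root=$(mktemp -d)
trap 'rm -rf "$demo_root"' EXIT
mkdir -p "$demo_root/domains/program"
echo 'type demo_t;' > "$demo_root/domains/program/demo.te"   # constructed input

# Fragile form: when the target is resolved through a non-empty CDPATH entry,
# cd prints the resolved directory on stdout, so the path becomes the first
# line of whatever file this output is redirected into.
generate_fragile() {
    ( CDPATH="$demo_root/domains"; cd program && cat demo.te )
}

# Hardened form: discard cd's stdout so only the intended content is emitted.
# Clearing CDPATH at the top of the recipe is the other common defence.
generate_hardened() {
    ( CDPATH="$demo_root/domains"; cd program >/dev/null && cat demo.te )
}

# Check for a generated file: report absolute-path lines that are not part of
# a '#line' marker, which is how the stray string showed up to checkpolicy.
stray_path_lines() {
    grep -c '^/' || true
}

echo "fragile output:"
generate_fragile | sed 's/^/    /'
echo "stray path lines (fragile):  $(generate_fragile | stray_path_lines)"
echo "stray path lines (hardened): $(generate_hardened | stray_path_lines)"
```

The same check can be pointed at a real generated file, for example `stray_path_lines < policy.conf`, before handing it to the compiler.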