On 01/05/2015 03:29 AM, Miroslav Grepl wrote:
> On 01/05/2015 01:55 AM, Robert Nichols wrote:
>> Would someone please help me translate this module into something that
>> will build on a current system (CentOS 6, checkpolicy-2.0.22-1.el6):
>>
>> policy_module(procmail_uncon, 1.0.18)
>> =============== cut ===================
>> gen_require(`
>> type unconfined_t;
>> type unconfined_exec_t;
>> type procmail_t;
>> role system_r;
>> ')
>> type my_uncon_exec_t;
>> files_type(my_uncon_exec_t)
>> allow procmail_t unconfined_t : process { transition sigchld };
>> domain_auto_trans(procmail_t, my_uncon_exec_t, unconfined_t)
>> role system_r types unconfined_t;
>
> You say you are not able to build the above policy module on CentOS 6?

I cannot. With that in a file called procmail_uncon.te in a directory with
a Makefile copied from /usr/share/linux/devel, running "make" yields:
========
Compiling targeted procmail_uncon module
/usr/bin/checkmodule: loading policy configuration from tmp/procmail_uncon.tmp
procmail_uncon.te":13:ERROR 'unknown class file used in rule' at token ';' on
line 1045:
#line 13
allow procmail_t my_uncon_exec_t:file { getattr open read execute };
/usr/bin/checkmodule: error(s) encountered while parsing configuration
make: *** [tmp/procmail_uncon.mod] Error 1
========
The following packages are installed:
libselinux-2.0.94-5.8.el6.x86_64
libselinux-devel-2.0.94-5.8.el6.x86_64
libselinux-python-2.0.94-5.8.el6.x86_64
libselinux-utils-2.0.94-5.8.el6.x86_64
selinux-policy-3.7.19-260.el6_6.1.noarch
libsepol-devel-2.0.41-4.el6.x86_64
selinux-policy-targeted-3.7.19-260.el6_6.1.noarch
I did dig up a procmail_uncon.pp file from an old Fedora 12 backup, and
that file seems to install OK, so the problem is no longer critical for me,
but I'd like to get this resolved.
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux