Re: Need to rebuild an old module with outdated syntax

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 01/05/2015 10:11 AM, Robert Nichols wrote:
> On 01/05/2015 03:29 AM, Miroslav Grepl wrote:
>> On 01/05/2015 01:55 AM, Robert Nichols wrote:
>>> Would someone please help me translate this module into something that
>>> will build on a current system (CentOS 6, checkpolicy-2.0.22-1.el6):
>>>
>>> policy_module(procmail_uncon, 1.0.18)
>>>
>>> =============== cut ===================
>>> gen_require(`
>>>     type unconfined_t;
>>>     type unconfined_exec_t;
>>>     type procmail_t;
>>>     role system_r;
>>> ')
>>>
>>> type my_uncon_exec_t;
>>> files_type(my_uncon_exec_t)
>>>
>>> allow procmail_t unconfined_t : process { transition sigchld };
>>> domain_auto_trans(procmail_t, my_uncon_exec_t, unconfined_t)
>>> role system_r types unconfined_t;
>>
>> You say you are not able to build the above policy module on CentOS 6?
>
> I cannot. With that in a file called procmail_uncon.te in a directory
> with
> a Makefile copied from /usr/share/linux/devel, running "make" yields:
>
> ========
> Compiling targeted procmail_uncon module
> /usr/bin/checkmodule:  loading policy configuration from
> tmp/procmail_uncon.tmp
> procmail_uncon.te":13:ERROR 'unknown class file used in rule' at token
> ';' on line 1045:
> #line 13
>     allow procmail_t my_uncon_exec_t:file { getattr open read execute };
> /usr/bin/checkmodule:  error(s) encountered while parsing configuration
> make: *** [tmp/procmail_uncon.mod] Error 1
> ========
>
> The following packages are installed:
> libselinux-2.0.94-5.8.el6.x86_64
> libselinux-devel-2.0.94-5.8.el6.x86_64
> libselinux-python-2.0.94-5.8.el6.x86_64
> libselinux-utils-2.0.94-5.8.el6.x86_64
> selinux-policy-3.7.19-260.el6_6.1.noarch
> libsepol-devel-2.0.41-4.el6.x86_64
> selinux-policy-targeted-3.7.19-260.el6_6.1.noarch
>
> I did dig up a procmail_uncon.pp file from an old Fedora 12 backup, and
> that file seems to install OK, so the problem is no longer critical
> for me,
> but I'd like to get this resolved.
>
You need to run the Makefile on the te file with the
policy_module(procmail_uncon, 1.0.18) line.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux