Hello all, I am new to SELinux. my goal is to implement a custom, small policy on an embedded device. Currently, i have a working modified (narrowed down) policy based on the targeted refpolicy. I use a custom openembedded environment. My thought was that since I aim to use the policy on an embedded device (so no changes should be made to the policy at all), using a monolithic policy will save space and I could also give up on the managing tools, reducing more space. I am having trouble switching to monolithic policy. I wanted to made sure that the errors was not resulting from my specific rules, so i reverted for now to the regular targeted refpolicy that arrives with the openembedded SELinux meta. This is the resulting error: | Creating targeted policy.conf | Compiling targeted policy.29 | policy/modules/roles/sysadm.te:78:ERROR 'duplicate role transition for (sysadm_r,abrt_initrc_exec_t,process)' at token ';' on line 2454354: | #line 78 | role_transition sysadm_r abrt_initrc_exec_t system_r; | checkpolicy: error(s) encountered while parsing configuration | /lte/sagivde/local_views/sagivde_selinux_policy_1/vobs/le920/apps_proc/oe-core/build/tmp-glibc/sysroots/x86_64-linux/usr/bin/checkpolicy: loading policy configuration from policy.conf | make: *** [policy.29] Error 1 If I comment out the above rule a different error occurs, and this happens for again for the next error and so on.. my questions are: 1. Is moving to monolithic policy really a good choice in my case? (reduce memory consumption and disk space) 2. If so - how can i solve the above error? Thanks, Sagiv. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx
