I have last update and default SELinux install, but I got many syntax errors for mlsconstrain. Any idea ? Thank you.
[root@desk mythcat]# uname -a
Linux desk 5.8.4-200.fc32.x86_64 #1 SMP Wed Aug 26 22:28:08 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
ausearch -c 'updatedb' --raw | audit2allow -M my-updatedb
compilation failed:
my-updatedb.te:25:ERROR 'syntax error' at token 'mlsconstrain' on line 25:
# mlsconstrain dir { read getattr execute } ((l1 dom l2 -Fail-) or (t1 == mlsfilereadtoclr -Fail-) and (h1 dom l2) or (t1 == mlsfileread -Fail-) or (t2 == mlstrustedobject -Fail-) ); Constraint DENIED
mlsconstrain dir { search } ((l1 dom l2 -Fail-) or (t1 == mlsfilereadtoclr -Fail-) and (h1 dom l2) or (t1 == mlsfileread -Fail-) or (t2 == mlstrustedobject -Fail-) ); Constraint DENIED
/usr/bin/checkmodule: error(s) encountered while parsing configuration
...
[root@desk mythcat]# ausearch -c 'ausearch' --raw | audit2allow -M my-ausearch
compilation failed:
my-ausearch.te:28:ERROR 'syntax error' at token 'mlsconstrain' on line 28:
mlsconstrain file { write create setattr relabelfrom append unlink link rename mounton } ((l1 eq l2 -Fail-) or (t1 == mlsfilewritetoclr -Fail-) and (h1 dom l2 -Fail-) and (l1 domby l2) or (t2 == mlsfilewriteinrange -Fail-) and (l1 dom l2 -Fail-) an
# mlsconstrain file { read getattr execute } ((l1 dom l2 -Fail-) or (t1 == mlsfilereadtoclr -Fail-) and (h1 dom l2 -Fail-) or (t1 == mlsfileread -Fail-) or (t2 == mlstrustedobject -Fail-) ); Constraint DENIED
/usr/bin/checkmodule: error(s) encountered while parsing configuration
...
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
