On 5/17/22 20:45, Orion Poplawski wrote:
I'm getting the following error building fail2ban on EPEL9: make[1]: Entering directory '/builddir/build/BUILD/fail2ban-0.11.2'fail2ban.if:13: Error: duplicate definition of fail2ban_domtrans(). Original definition on 13. fail2ban.if:33: Error: duplicate definition of fail2ban_domtrans_client(). Original definition on 33. fail2ban.if:60: Error: duplicate definition of fail2ban_run_client(). Original definition on 60. fail2ban.if:80: Error: duplicate definition of fail2ban_stream_connect(). Original definition on 80. fail2ban.if:99: Error: duplicate definition of fail2ban_rw_inherited_tmp_files(). Original definition on 99. fail2ban.if:118: Error: duplicate definition of fail2ban_rw_stream_sockets(). Original definition on 118. fail2ban.if:137: Error: duplicate definition of fail2ban_dontaudit_use_fds(). Original definition on 137. fail2ban.if:156: Error: duplicate definition of fail2ban_dontaudit_rw_stream_sockets(). Original definition on 156. fail2ban.if:174: Error: duplicate definition of fail2ban_read_lib_files(). Original definition on 174. fail2ban.if:194: Error: duplicate definition of fail2ban_read_log(). Original definition on 194. fail2ban.if:215: Error: duplicate definition of fail2ban_append_log(). Original definition on 215. fail2ban.if:235: Error: duplicate definition of fail2ban_read_pid_files(). Original definition on 235. fail2ban.if:254: Error: duplicate definition of fail2ban_dontaudit_leaks(). Original definition on 254. fail2ban.if:281: Error: duplicate definition of fail2ban_admin(). Original definition on 281.Compiling targeted fail2ban modulefail2ban.te:102:ERROR 'syntax error' at token 'logging_watch_audit_log_files' on line 6330:logging_watch_audit_log_files(fail2ban_t)The .if errors don't seem to actually fail the build, but I'm still curious if it's time to drop the fail2ban policy from selinux-policy itself.The latter seems to be a problem, but is fine on Fedora (through F37). It also complains about other logging_watch_* macros.What happened to this in EL9?
So, it looks like the policy in EL9 is old enough to not have these macros. Any suggestions for how to conditionally support this?
-- Orion Poplawski he/him/his - surely the least important thing about me IT Systems Manager 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion@xxxxxxxx Boulder, CO 80301 https://www.nwra.com/
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure