On Thu, 2008-04-17 at 11:33 -0500, Xavier Toth wrote:
> This te file is not the finally resting place for copy/paste policy
> simply a convenient place to try out the class.
>
> [tedx@comms hack-policy]$ make rebuild
> rm -f /home/tedx/src2/Linux_i386/OED/policy/hack-policy.pp
> rm -f *.CKP *.ln *.o core errs ,* *~ .emacs_* tags TAGS make.log *.i
> if [ ! -d /usr/share/selinux/devel/include/jcdx ]; then \
> sudo mkdir /usr/share/selinux/devel/include/jcdx; \
> sudo chmod 777 /usr/share/selinux/devel/include/jcdx; \
> fi; \
> cp hack-policy.if /usr/share/selinux/devel/include/jcdx;
> rm -f /usr/share/selinux/devel/include/jcdx/hack-policy.if
> make -f /usr/share/selinux/devel/Makefile
> make[1]: Entering directory `/home/tedx/src2/hack-policy'
> Compiling mls hack-policy module
> /usr/bin/checkmodule: loading policy configuration from tmp/hack-policy.tmp
> hack-policy.te":30:ERROR 'unknown class x_application_data used in
> rule' at token ';' on line 3343:
> allow x_rootwindow_t self:x_application_data paste_without_confirm;
> ;
> /usr/bin/checkmodule: error(s) encountered while parsing configuration
> make[1]: *** [tmp/hack-policy.mod] Error 1
> make[1]: Leaving directory `/home/tedx/src2/hack-policy'
> make: *** [progs] Error 2
You need a
require {
class x_application_data { paste_without_confirm };
}
statement in your module or one of the interfaces it uses.
policy_module() only automatically imports requires for the kernel
classes and perms, I think.
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
