building base policy on RHEL5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I am (SELinux newbie) working on a project which will require me to add new object classes to my policy. After doing much reading, I find that in order to add object classes I must modify and build the base policy (??). My approach is to download the source for the policy, modify it with the new object classes and TE rules, and build it. My first step is to try and simply build the strict (or any) policy from the sources. I get a syntax error when trying to build the policy. My steps are:

rpm -i selinux-policy-2.4.6-137.1.el5.src.rpm
cd /usr/src/redhat/SPECS
rpmbuild -bp selinux-policy.spec
cd /usr/src/redhat/BUILD/serefpolicy-2.4.6
make conf
make

which results in the following failure:

/usr/bin/checkpolicy policy.conf -o policy.21
/usr/bin/checkpolicy:  loading policy configuration from policy.conf
policy/modules/services/fail2ban.te:59:ERROR 'syntax error' at token 'corenet_tcp_connect_whois_port' on line 439903:
 
corenet_tcp_connect_whois_port(fail2ban_t)
checkpolicy:  error(s) encountered while parsing configuration
make: *** [policy.21] Error 1


some possibly relevant packages are:

checkpolicy.i386                         1.33.1-4.el5           installed      
policycoreutils.i386                     1.33.12-14.el5         installed      
policycoreutils-gui.i386                 1.33.12-14.el5         installed      
policycoreutils-newrole.i386             1.33.12-14.el5         installed      
selinux-policy.noarch                    2.4.6-137.1.el5        installed      
selinux-policy-devel.noarch              2.4.6-137.1.el5        installed      
selinux-policy-mls.noarch                2.4.6-137.1.el5        installed      
selinux-policy-strict.noarch             2.4.6-137.1.el5        installed      
selinux-policy-targeted.noarch           2.4.6-137.1.el5        installed   
libselinux.i386                          1.33.4-5.el5           installed      
libselinux-devel.i386                    1.33.4-5.el5           installed      
libselinux-python.i386                   1.33.4-5.el5           installed      
libsemanage.i386                         1.9.1-3.el5            installed      
libsepol.i386                            1.15.2-1.el5           installed      
libsepol-devel.i386                      1.15.2-1.el5           installed 
setools.i386                             3.0-3.el5              installed
setools-devel.i386                       3.0-3.el5              installed      
setools-gui.i386                         3.0-3.el5              installed      
setroubleshoot.noarch                    2.0.5-3.el5            installed      
setroubleshoot-plugins.noarch            2.0.4-2.el5            installed      
setroubleshoot-server.noarch             2.0.5-3.el5            installed     

Any help would be greatly appreciated,

Andy
[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux