Re: refpolicy compilation issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thanks, Stephen, it's much clearer with warnings. As for refpolicy version and config - I'm trying to build refpolicy-2.20081210, with default build.conf, just:
# make conf ; make policy

BTW, policy.conf contains lots of garbage. Is it OK?  Here is what's around line 7140 of policy.conf

##### begin init_sigchld(amavis_t) depth: 2
#line 11

#line 11

#line 11

#line 11

#line 11
                        require {
#line 11

#line 11
                type init_t;
#line 11

#line 11
                        } # end require
#line 11

#line 11

#line 11

#line 11

#line 11

        allow amavis_t init_t:process sigchld;
#line 11

#line 11

#line 11
##### end init_sigchld(amavis_t) depth: 1


Regards,

Kirill Novikov,
EastLinux Team


On Fri, Feb 27, 2009 at 7:14 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
On Fri, 2009-02-27 at 16:57 +0500, Kirill "REDbyte" Novikov wrote:
> Hi there everyone!
>
> I'm got a strange problem compiling latest refpolicy (as well as all
> other versions), found nothing alike on the mailing lists, so maybe
> someone from here would help me.
>
> Policy compilation fails like this:
>
> Creating refpolicy policy.conf
> cat tmp/pre_te_files.conf tmp/all_attrs_types.conf
> tmp/global_bools.conf tmp/only_te_rules.conf tmp/all_post.conf >
> policy.conf
> Compiling refpolicy policy.23
>
> WARNING: Policy version mismatch!  Is your OUTPUT_POLICY set
> correctly?
>
> /usr/bin/checkpolicy policy.conf -o policy.23
> /usr/bin/checkpolicy:  loading policy configuration from policy.conf
> policy/modules/services/amavis.te":11:ERROR 'syntax error' at token
> ':' on line 7140:
>         allow amavis_t init_t:process sigchld;
> #line 11
> checkpolicy:  error(s) encountered while parsing configuration
> make: *** [policy.23] Error 1
>
> I'm using latest development versions of SELinux stuff, available from
> Tresys' trac. I have checked /selinux/policyvers and it contains 24 -
> but latest policy version supported by checkpolicy 2.0.16 is 23. Have
> any ideas?

The policy version mismatch warning is just a warning, not a fatal
error.  The later compilation error in amavis.te looks unrelated and is
presumably due to something wrong in the lines preceding that statement
in policy.conf.

Are you trying to build the last release of refpolicy
(refpolicy-2.20081210) or the svn trunk?  What are your build.conf
settings or command-line overrides to make?

To generate policy.24, you'd need to build checkpolicy from the git
development repository rather than using the last released version.
But that shouldn't be necessary to build refpolicy, and although your
kernel supports policy.24, it will accept policy.23 as well.  So I
wouldn't bother changing your version of checkpolicy - I don't think it
is related to the error.

--
Stephen Smalley
National Security Agency


[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux