Steve, The CIL policy is attached that is giving problems. I have this installed as the running policy so you may need to change the run-semanage script. If you run run-semodule after creating the /var/lib/selinux/<policy-name>/ directory structure, it should install the policy okay. If you then edit the x_select_paste.cil file you will find a comment on line 111: ; STEVE: Remove comment and then run run-semodule "Error: Duplicate rule defined (line: 29)" So remove the ';' on line 112 to read: (typetransition x_select_paste_t unconfined_t x_drawable x_select_paste_t) the error should then appear. If you add/remove the ';' on the other typetransition statements you will get different Dup line errors. Note after removing ';' on line 112, run-cil will still build policy (remove a few more and it will also error). It seems to be related to the policy size as when I added the booleans after Eric's suggestion I found I had to remove more typetransition statements to get the policy to build. Thanks for your help Richard Note I build the same policy as policy language modules using checkmodule with all the type_transition statements - with no errors.
Attachment:
CIL-policy.tar.gz
Description: GNU Zip compressed data
