So it turns out that the name I used it didn't like and the second name I used (ui-interface) is also didn't like. When I tried uiInterface, things started working again. I don't know what the difference is, but maybe someone can enlighten me as to why the SELinux policy generation tools don't like things with hyphens in the name? -Tom -- Thomas Moyer, Technical Staff voice: (781) 981-1374 Cyber Systems Technology Group mobile: (857) 268-0493 MIT Lincoln Laboratory email: thomas.moyer@xxxxxxxxxx 244 Wood Street Lexington, MA 02420 On 10/23/12 3:52 PM, "Dominick Grift" <dominick.grift@xxxxxxxxx> wrote: > > >On Tue, 2012-10-23 at 15:28 -0400, Moyer, Thomas - 0668 - MITLL wrote: >> I am trying to build an SELinux policy module for a piece of software >> I am writing. I used sepolgen to create an initial skeleton policy >> (running on Red Hat Enterprise Linux 6). I get the following error >> when I try and install the policy: >> >> >> sudo ./interface.sh >> Building and Loading Policy >> + make -f /usr/share/selinux/devel/Makefile >> make: Nothing to be done for `all'. >> + /usr/sbin/semodule -i interface.pp >> libsemanage.semanage_fc_sort: WARNING: semanage_fc_sort: Incomplete >> context. >> libsepol.sepol_context_from_string: malformed context "dnl" >> libsepol.sepol_context_from_string: could not construct context from >> string >> libsepol.context_from_string: could not create context structure >> libsepol.sepol_context_to_sid: could not convert dnl to sid >> invalid context dnl >> libsemanage.semanage_install_active: setfiles returned error code 1. >> /usr/sbin/semodule: Failed! >> >> >> Below is the interface.fc file since I think the error might be in >> there. >> /usr/local/bin/interface -- >> gen_context(system_u:object_r:interface_exec_t,s0) >> /usr/local/libexec/interface gen_context(system_u:object_r:usr_t,s0) >> /usr/local/libexec/interface/WebApp.jar -- >> gen_context(system_u:object_r:httpd_sys_content_t,s0) >> /usr/local/libexec/interface/keystore -- >> gen_context(system_u:object_r:interfaceKey_t,s0) >> /usr/local/libexec/interface/ui-files(/.*)? >> gen_context(system_u:object_r:httpd_sys_content_t,s0) >> > >Maybe "interface" is a keyword. Could you try another name for the sake >of testing? > >The .fc contents look OK to me. > >Also make sure that the .fc has a newline at the end ( but i do not >think this is what causes this > >> Not sure how to go about debugging this. >> >> >> Thanks for the help. >> >> >> -Tom >> >> >> -- >> Thomas Moyer, Technical Staff voice: (781) 981-1374 >> Cyber Systems Technology Group mobile: (857) 268-0493 >> MIT Lincoln Laboratory email: thomas.moyer@xxxxxxxxxx >> 244 Wood Street >> Lexington, MA 02420 > >
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
