On Sun, Dec 14, 2014 at 04:46:40PM +0100, Sven Vermeulen wrote: > On Thu, Dec 4, 2014 at 8:15 PM, Steve Lawrence <slawrence@xxxxxxxxxx> wrote: > > The seventh release candidate for the next release of SELinux Userspace > > [1] is now available. T > [...] > > Hi all > > Is it possible to kepe the tmp/ directory when building/loading a policy fails? > > # semodule -v -i foo.pp > Attempting to install module 'foo.pp': > Ok: return value of 0. > Committing changes: > Conflicting type rules > Binary policy creation failed at line 177 of > /var/lib/selinux/mcs/tmp/modules/400/java/cil Alternatively, would it be possible to just print out line 177 to the terminal? Diving into files is less ideal than just seeing both conflicting lines directly in the output. eg when there are errors during building: /usr/bin/checkmodule: loading policy configuration from tmp/mycustom.tmp mycustom.te:55:ERROR 'unknown type stttttaff_t' at token ';' on line 2790: allow stttttaff_t syslogd_t:unix_dgram_socket sendto; /usr/bin/checkmodule: error(s) encountered while parsing configuration > Failed to generate binary > semodule: Failed! > > The tmp/ directory is cleared so it is not possible to use that > location for troubleshooting. > > In this particular case, I could find the java/cil in the > /var/lib/selinux/mcs/active/modules/400 location, but if the error > would be within the foo.pp-generated CIL file, then the CIL file > cannot be found anymore. > > Wkr, > Sven Vermeulen > _______________________________________________ > Selinux mailing list > Selinux@xxxxxxxxxxxxx > To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. > To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
