On 2/3/20 7:21 AM, Denis Obrezkov wrote:
Hello, I am trying to make rangetransition work, this is my cil file: (type foo) (type bar) (allow foo bar (file (ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename execute swapon quotaon mounton))) (rangetransition foo bar process s0) Now, I am trying to install it: semodule -i lximage.cil Failed to resolve rangetransition statement at /var/lib/selinux/refpolicy_mcs/tmp/modules/400/lximage/cil:4 semodule: Failed! I use Debian Testing with refpolicy enforced. Policy type = mcs. What is wrong with my module? How can I get more explanatory output?
For more information you can use semodule -v -i lximage.cil In your case, CIL is particular in its syntax and wants: (rangetransition foo bar process ((s0) (s0))) Jim -- James Carter <jwcart2@xxxxxxxxxxxxx> National Security Agency
