Hi,
I have a module, which can be compiled without problems but it can still
generate errors during load. However, every other time the load succeeds.
Here's the example:
# cat foo.te
module foo 1.0;
type file_type;
require {
type user_t; # dummy require statement to keep checkmodule happy
}
# make
Compiling default foo module
Creating default foo.pp policy package
rm tmp/foo.mod.fc tmp/foo.mod
# make QUIET=n load
Loading default modules: foo
/usr/sbin/semodule -i foo.pp
Re-declaration of type file_type
Failed to create node
Bad type declaration at /var/lib/selinux/default/tmp/modules/400/foo/cil:1
/usr/sbin/semodule: Failed!
make: *** [/usr/share/selinux/devel/include/Makefile:148: tmp/loaded]
Error 1
# make QUIET=n load
Loading default modules: foo
/usr/sbin/semodule -i foo.pp
(no error)
Running semodule directly:
# semodule -i foo.pp
Re-declaration of type file_type
Failed to create node
Bad type declaration at /var/lib/selinux/default/tmp/modules/400/foo/cil:1
semodule: Failed!
# semodule -i foo.pp
# semodule -i foo.pp
Re-declaration of type file_type
Failed to create node
Bad type declaration at /var/lib/selinux/default/tmp/modules/400/foo/cil:1
semodule: Failed!
# semodule -i foo.pp
Maybe the failing transaction is not reverted properly and then the
failed module changes the system somehow? Some problem with detecting
redeclarations?
-Topi
