On Thu, May 28, 2020 at 7:21 AM Dominick Grift
<dominick.grift@xxxxxxxxxxx> wrote:
>
>
> tl;dr typalias (and possibly typealiasactual) statement does not like periods
>
> systemd plans to consolidate systemd-udevd and udevadm and so I was
> looking to consolidate the policy. For compatibility I wanted to add a
> (typealias .udev.udevadm.exec) and (typealiasactual .udev.udevadm.exec
> .udev.daemon.exec)
>
> That reminded me that it does not like the period name space
> delimiter in at least the typealias statement.
>
> Example:
>
> [root@brutus ~]# echo "(block test (type test1) (typealias test2.test1)
> (typealiasactual test2.test1 test.test1))" > mytest.cil
> [root@brutus ~]# semodule -vvv -i mytest.cil
>
> <snip>
> Building AST from Parse Tree
> Invalid character "." in test2.test1
> Invalid name
> Failed to create node
> Bad typealias declaration at
> /var/lib/selinux/mydssp3-mcs/tmp/modules/400/mytest/cil:1
> Problem at /var/lib/selinux/mydssp3-mcs/tmp/modules/400/mytest/cil:1
> Failed to build ast
> semodule: Failed!
>
CIL doesn't like "." in any name used in a declaration.
If you want an alias with a "." in it, then use blocks.
(block udev
(block daemon
(type exec)
)
(block udevadm
(typealias exec)
(typealiasactual exec .udev.daemon.exec)
)
)
Or something like that.
Jim
