On 5/28/20 3:19 PM, James Carter wrote: > On Thu, May 28, 2020 at 7:21 AM Dominick Grift > <dominick.grift@xxxxxxxxxxx> wrote: >> >> >> tl;dr typalias (and possibly typealiasactual) statement does not like periods >> >> systemd plans to consolidate systemd-udevd and udevadm and so I was >> looking to consolidate the policy. For compatibility I wanted to add a >> (typealias .udev.udevadm.exec) and (typealiasactual .udev.udevadm.exec >> .udev.daemon.exec) >> >> That reminded me that it does not like the period name space >> delimiter in at least the typealias statement. >> >> Example: >> >> [root@brutus ~]# echo "(block test (type test1) (typealias test2.test1) >> (typealiasactual test2.test1 test.test1))" > mytest.cil >> [root@brutus ~]# semodule -vvv -i mytest.cil >> >> <snip> >> Building AST from Parse Tree >> Invalid character "." in test2.test1 >> Invalid name >> Failed to create node >> Bad typealias declaration at >> /var/lib/selinux/mydssp3-mcs/tmp/modules/400/mytest/cil:1 >> Problem at /var/lib/selinux/mydssp3-mcs/tmp/modules/400/mytest/cil:1 >> Failed to build ast >> semodule: Failed! >> > > CIL doesn't like "." in any name used in a declaration. > > If you want an alias with a "." in it, then use blocks. > (block udev > (block daemon > (type exec) > ) > (block udevadm > (typealias exec) > (typealiasactual exec .udev.daemon.exec) > ) > ) > > Or something like that. Right, thanks that works and sorry about that. Feels like deja vu, must have not been the first time I encountered this. Feels kind of un-intuitive but makes perfect sense thinking about it. Just need to get used to it. > > Jim >
