On Wed, Oct 27, 2021 at 5:32 PM James Carter <jwcart2@xxxxxxxxx> wrote: > > genfscon rules have always supported an optional file type, but when > the ability for writing a policy.conf file from a kernel policy was > added to libsepol it did not include that support. Support for the > optional file type was also left out of CIL genfscon rules. > > This patch set fixes these problems. > > Patch 1 adds support for writing the optional file type in genfscon rules > when writing a policy.conf file from a kernel policy. > > Patches 2-4 adds support in CIL for handling an optional file type > in genfscon rules, updates the CIL documentation, and adds support > when writing out CIL from a kernel policy or module as well. > > James Carter (4): > libsepol: Add support for file types in writing out policy.conf > libsepol/cil: Allow optional file type in genfscon rules > secilc/docs: Document the optional file type for genfscon rules > libsepol: Write out genfscon file type when writing out CIL policy > > libsepol/cil/src/cil_binary.c | 39 +++++++++++++++++++ > libsepol/cil/src/cil_build_ast.c | 43 +++++++++++++++++++-- > libsepol/cil/src/cil_internal.h | 1 + > libsepol/src/kernel_to_cil.c | 35 ++++++++++++++++- > libsepol/src/kernel_to_conf.c | 35 ++++++++++++++++- > libsepol/src/module_to_cil.c | 27 ++++++++++++- > secilc/docs/cil_file_labeling_statements.md | 10 ++++- > 7 files changed, 179 insertions(+), 11 deletions(-) Something here breaks on the selinux-testsuite policy: 3231# Run the test suite 3232# 3233make test 3234make -C policy load 3235make[1]: Entering directory '/root/selinux-testsuite/policy' 3236# Test for "expand-check = 0" in /etc/selinux/semanage.conf 3237# General policy build 3238make[2]: Entering directory '/root/selinux-testsuite/policy/test_policy' 3239Compiling targeted test_policy module 3240Creating targeted test_policy.pp policy package 3241rm tmp/test_policy.mod tmp/test_policy.mod.fc 3242make[2]: Leaving directory '/root/selinux-testsuite/policy/test_policy' 3243# General policy load 3244domain_fd_use --> on 3245/usr/sbin/semodule -i test_policy/test_policy.pp test_mlsconstrain.cil test_overlay_defaultrange.cil test_userfaultfd.cil test_add_levels.cil test_glblub.cil 3246What is going on? 3247Failed to generate binary 3248/usr/sbin/semodule: Failed! 3249make[1]: *** [Makefile:189: load] Error 1 3250make[1]: Leaving directory '/root/selinux-testsuite/policy' 3251make: *** [Makefile:7: test] Error 2 3252Error: Process completed with exit code 2.
