On Fri, Mar 31, 2023 at 9:14 AM Jonathan Strauss <john@xxxxxxxxxxxxxxxxx> wrote:
>
> I'm not sure if this is the right place to post this, I was writing a
> policy for an API gateway and couldn't figure out why I wasn't getting
> a domain transition. Turns out I was missing `type init_t;` in my
> require block in the type enforcement file, but the compiler did not
> complain about the missing type.
>
> This was in stark contrast to the policy I wrote for a JVM application
> (JVM apparently needs the world + dog to operate) using audit2allow and
> forgetting to put the proper type requirements in the require block.
>
> Seems like it should have failed with the missing `type init_t;`
>

It is hard to say what is going on without seeing the policy you were
trying to compile. Are you able to share it?

Jim

> OS: Alma 9.1
> Kernel version: 5.14.0-162.18.1.el9_1.x86_64
>
> libseccomp.x86_64, 2.5.2-2.el9
> libselinux.x86_64, 3.4-3.el9
> libselinux-utils.x86_64, 3.4-3.el9
> libsemanage.x86_64, 3.4-2.el9
> libsepol.x86_64, 3.4-1.1.el9
> selinux-policy.noarch, 34.1.43-1.el9_1.2
> selinux-policy-devel.noarch, 34.1.43-1.el9_1.2
> selinux-policy-targeted.noarch, 34.1.43-1.el9_1.2
> setools.x86_64, 4.4.0-5.el9
> setools-console.x86_64, 4.4.0-5.el9
>
>
> - Jonathan Strauss