Bug 1722836
| Summary: | ERROR 'syntax error' at token 'speech-dispatcher_admin' | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Milos Malik <mmalik> |
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
| Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 8.1 | CC: | lvrabec, mmalik, plautrba, ssekidde, zpytela |
| Target Milestone: | rc | Flags: | pm-rhel:
mirror+
|
| Target Release: | 8.1 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | 1722622 | Environment: | |
| Last Closed: | 2019-11-05 22:11:47 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:3547 |
Description of problem: I believe the '-' character causing the problems. What if '-' was replaced by '_' in all speech* types? # seinfo -t | grep speech speech-dispatcher_exec_t speech-dispatcher_home_t speech-dispatcher_log_t speech-dispatcher_t speech-dispatcher_tmp_t speech-dispatcher_tmpfs_t speech-dispatcher_unit_file_t speech_client_packet_t speech_port_t speech_server_packet_t # Version-Release number of selected component (if applicable): selinux-policy-3.14.3-8.el8.noarch selinux-policy-targeted-3.14.3-8.el8.noarch selinux-policy-devel-3.14.3-8.el8.noarch How reproducible: * always Steps to Reproduce: 1. get a RHEL-8.1 machine (targeted policy is active) 2. prepare the following TE file # cat confined_admin.te policy_module(confined_admin,1.0.0) userdom_admin_user_template(confined_admin) require { role staff_r; } role confined_admin_r; allow staff_r confined_admin_r; domain_use_interactive_fds(confined_admin_t) files_read_etc_files(confined_admin_t) miscfiles_read_localization(confined_admin_t) speech-dispatcher_admin(confined_admin_t,confined_admin_r) 3. compile the TE file into a policy module # make -f /usr/share/selinux/devel/Makefile Compiling targeted confined_admin module confined_admin.te:19:ERROR 'syntax error' at token 'speech-dispatcher_admin' on line 36005: speech-dispatcher_admin(confined_admin_t,confined_admin_r) /usr/bin/checkmodule: error(s) encountered while parsing configuration make: *** [/usr/share/selinux/devel/include/Makefile:157: tmp/confined_admin.mod] Error 1 # Actual results: * error message appears * .pp file is not created Expected results: * the syntax error is corrected * .pp file is created --- Additional comment from Milos Malik on 2019-06-20 20:07:24 UTC --- Found during the investigation of /CoreOS/selinux-policy/Sanity/confined-admins-and-their-services results.