Bug 431935

Summary: /usr/share/selinux/devel/Makefile will not build mls policy
Product: [Fedora] Fedora Reporter: John Wiseman <john.wiseman>
Component: selinux-policy-mlsAssignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: low    
Version: 8CC: dwalsh, joe
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-11-17 22:02:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Does this one work for you? none

Description John Wiseman 2008-02-07 22:09:33 UTC 
Description of problem:

The makefile located at /usr/share/selinux/devel/Makefile incorrectly generates 
policy for mcs policy instead of mls.  Bug appears to be the result of variable
"TYPE" being incorrectly set to "mcs" instead of "mls" in the initial logic to
determine what policy is in effect on the running development system.

Version-Release number of selected component (if applicable):

selinux-policy-3.0.8-101.fc8
selinux-policy-devel-3.0.8-101.fc8
selinux-policy-mls-3.0.8-101.fc8
selinux-policy-targeted-3.0.8-101.fc8

How reproducible: Very


Steps to Reproduce:
1. create F8 system with mls policy installed

2. make sure /etc/selinux/config contains:

   SELINUXTYPE=mls
   SELINUX=permissive

   and that /selinux/mls returns "1" when cat'ed

3. generate mls policy for sample app with a macro like the following:
     init_ranged_daemon_domain(your_sample_t, your_sample_exec_t, SystemLow -
System High)

or simpler solution:  Substitute last two lines of the Makefile in question

i.e   HEADER := $(SHAREDIR)/devel/include
      include $(HEADERDIR)/Makefile

for this  1 line 

   all:;echo $(TYPE) $(NAME) 

and then do a make -f /usr/share/selinux/devel/Makefile
  
Actual results:

Sample policy will fail complaining about "S15" ...

or output from modified Makefile will return

    TYPE = mcs
    NAME = mls


Expected results:

sample policy compiles and generates policy module

or

modified script should return

     TYPE = mls
     NAME = mls


Additional info:
Comment 1 Daniel Walsh 2008-02-08 16:14:39 UTC 
Created attachment 294371 [details]
Does this one work for you?
Comment 2 John Wiseman 2008-02-08 19:05:34 UTC 
I downloaded your new makefile and installed it. Then rebuilt our development
tree.  It appears to work, creating mls policy modules [ we only have mls policy
] in similar fashion to our RHEL5 builds. I also installed one of the newly created
modules and that went OK as well.

Thanks for the quick response !
Comment 3 Joe Nall 2008-02-08 20:22:45 UTC 
Worked for me too.
Comment 4 Daniel Walsh 2008-02-11 22:29:37 UTC 
Fixed in selinux-policy-3.0.8-84.fc8
Comment 5 Joe Nall 2008-02-25 15:28:42 UTC 
This change did not make it into 3.3.0
Comment 6 Daniel Walsh 2008-02-26 15:18:16 UTC 
Fixed in selinux-policy-3.3.1-2.fc9
Comment 7 Daniel Walsh 2008-11-17 22:02:56 UTC 
Closing all bugs that have been in modified for over a month.  Please reopen if the bug is not actually fixed.