Bug 668871
| Summary: | SELinux Policy compiler doesn't like leading numbers in fs names | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | IBM Bug Proxy <bugproxy> |
| Component: | checkpolicy | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | urgent | Docs Contact: | |
| Priority: | low | ||
| Version: | 14 | CC: | dwalsh, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | |||
| Fixed In Version: | checkpolicy-2.0.23-2.fc14 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-01-19 21:08:25 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Fixed in checkpolicy-2.0.23-2.fc14 ------- Comment From gcwilson.com 2011-01-12 18:00 EDT------- Thanks, Dan. I applied the upstream patch against checkpolicy-2.0.22-1 and it appears to do the trick. checkpolicy-2.0.23-2.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/checkpolicy-2.0.23-2.fc14 checkpolicy-2.0.23-2.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update checkpolicy'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/checkpolicy-2.0.23-2.fc14 ------- Comment From gcwilson.com 2011-01-13 19:18 EDT------- checkpolicy-2.0.23-2.fc14 tested successfully on Fedora 14 x86_64. Closing on our side. Many thanks, Dan! Please update karma. ------- Comment From gcwilson.com 2011-01-14 10:20 EDT------- Done - and thanks once more. The Karma points are new to me - I wish we had updating it built into our mirroring system somehow (like that'll happen!). checkpolicy-2.0.23-2.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report. |
-- Problem description -- While trying to add "9p" filesystem(VirtFS) support we discovered that the compiler doesn't like tags starting with numbers. Given that Linux supports the filesytem type "9p" selinux need to support this filesystem Patch applied: diff -Naurp serefpolicy-3.6.32-orig/policy/modules/kernel/filesystem.te serefpolicy-3.6.32/policy/modules/kernel/filesystem.te --- serefpolicy-3.6.32-orig/policy/modules/kernel/filesystem.te 2011-01-10 19:55:29.941000001 -0500 +++ serefpolicy-3.6.32/policy/modules/kernel/filesystem.te 2011-01-11 14:46:08.479999472 -0500 @@ -252,6 +252,7 @@ genfscon ncpfs / gen_context(system_u:ob genfscon reiserfs / gen_context(system_u:object_r:nfs_t,s0) genfscon panfs / gen_context(system_u:object_r:nfs_t,s0) genfscon gadgetfs / gen_context(system_u:object_r:nfs_t,s0) +genfscon 9p / gen_context(system_u:object_r:nfs_t,s0) type xenfs_t; fs_noxattr_type(xenfs_t) ... /usr/bin/checkmodule -M -U allow base.conf -o tmp/base.mod /usr/bin/checkmodule: loading policy configuration from base.conf tmp/rolemap.conf":632:ERROR 'syntax error' at token '9' on line 1061153: genfscon gadgetfs / system_u:object_r:nfs_t:s0 genfscon 9p / system_u:object_r:nfs_t:s0 /usr/bin/checkmodule: error(s) encountered while parsing configuration make: *** [tmp/base.mod] Error 1 error: Bad exit status from /var/tmp/rpm-tmp.2XS8n3 (%install) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.2XS8n3 (%install) [root@localhost rpmbuild]# The patch and test are against the latest Fedora 12 policy. However, I verified the same thing happens on Fedora 14.