This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release.
Could you re-test it with

$ cat mypol.te
policy_module(mypol,1.0)

require{
 type radiusd_t;
}

type radiusd_tmp_t;
files_tmp_file(radiusd_tmp_t)

allow radiusd_t radiusd_tmp_t:dir create_dir_perms;
allow radiusd_t radiusd_tmp_t:file create_file_perms;
files_tmp_filetrans(radiusd_t, radiuesd_tmp_t, { file dir })

optional_policy(`
 kerberos_keytab_template(radiusd, radiusd_t)
 kerberos_manage_host_rcache(radiusd_t)
')

# make -f /usr/share/selinux/devel/Makefile mypol.pp
# semodule -i mypol.pp
# cat mypol.te
policy_module(mypol,1.0)

require{
 type radiusd_t;
}

type radiusd_tmp_t;
files_tmp_file(radiusd_tmp_t)

allow radiusd_t radiusd_tmp_t:dir create_dir_perms;
allow radiusd_t radiusd_tmp_t:file create_file_perms;
files_tmp_filetrans(radiusd_t, radiuesd_tmp_t, { file dir })

optional_policy(`
 kerberos_keytab_template(radiusd, radiusd_t)
 kerberos_manage_host_rcache(radiusd_t)
')

# make -f /usr/share/selinux/devel/Makefile mypol.pp
Compiling targeted mypol module
/usr/bin/checkmodule: loading policy configuration from tmp/mypol.tmp
mypol.te:12:ERROR 'unknown type radiuesd_tmp_t' at token ';' on line 97976:
#line 12
type_transition radiusd_t tmp_t:{ file dir } radiuesd_tmp_t;
/usr/bin/checkmodule: error(s) encountered while parsing configuration
make: *** [tmp/mypol.mod] Error 1
There is a typo. -files_tmp_filetrans(radiusd_t, radiuesd_tmp_t, { file dir }) +files_tmp_filetrans(radiusd_t, radiusd_tmp_t, { file dir })
The test is working with the custom policy and no new AVC denials appeared.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2014-1205.html