Hide Forgot
Description of problem: example.te 1 2 policy_module(myapp,1.0.0) 3 4 ######################################## 5 # 6 # Declarations 7 # 8 9 type myapp_t; 10 type myapp_exec_t; 11 domain_type(myapp_t) 12 domain_entry_file(myapp_t, myapp_exec_t) $ checkmodule -C -M -m example.te -o example.mod checkmodule: loading policy configuration from example.te example.te:2:ERROR 'Building a policy module, but no module specification found. ' at token 'policy_module' on line 2: policy_module(myapp,1.0.0) 1 2 #policy_module(myapp,1.0.0) 3 module myapp 1.0.0; 4 $ checkmodule -C -M -m example.te -o example.mod checkmodule: loading policy configuration from example.te example.te:12:ERROR 'This block has no require section.' at token 'domain_type' on line 12: domain_type(myapp_t) type myapp_exec_t; checkmodule: error(s) encountered while parsing configuration Version-Release number of selected component (if applicable): checkpolicy-2.5-6.fc24.x86_64 How reproducible: 100%
The problem here is that checkmodule doesn't understand M4 macros (policy_module, domain_type, domain_entry_file). Please use the following command to compile your policy module (also, the name of the .te file has to be <module_name>.te): # mv example.te myapp.te # make -f /usr/share/selinux/devel/Makefile myapp.pp First 'all_interfaces.conf' containing definitions of all macros is created. That file is than used to expand all macros in given module. Expanded module can than be compiled by checkmodule. (use 'make' with '-n' to see commands used in the process) The following example module can be compiled directly by checkmodule because it doesn't contain macros: # cat mymodule.te module mymodule 1.0; require { class file {open read write}; type httpd_t; attribute non_security_file_type; }; allow httpd_t non_security_file_type:file { open read write }; # checkmodule -C -M -m mymodule.te -o mymodule.mod