Bug 190796 - policygentool generates wrong syntax
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 5
Hardware: All Linux
Priority: medium, Severity: high
Assigned To: Daniel Walsh
Reported: 2006-05-05 04:59 EDT by Aleksander Adamowski
Modified: 2007-11-30 17:11 EST
Fixed In Version: Current
Doc Type: Bug Fix
Last Closed: 2007-03-28 16:04:08 EDT
Description Aleksander Adamowski 2006-05-05 04:59:56 EDT
Description of problem: 
 
I've used policygentool to create an initial template for my own policy module 
for the TWiki web application in FC5. 
 
After running "/usr/share/selinux/devel/policygentool 
twiki /home/twiki/bin/view", I've tried compiling the resulting policy, and 
got the following error: 
 
# make -f /usr/share/selinux/devel/Makefile 
Compiling targeted twiki module 
/usr/bin/checkmodule:  loading policy configuration from tmp/twiki.tmp 
twiki.te:47:ERROR 'syntax error' at token ';' on line 45076: 
        type_transition twiki_t var_lib_t: twiki_var_lib_t; 
#line 47 
/usr/bin/checkmodule:  error(s) encountered while parsing configuration 
make: *** [tmp/twiki.mod] Error 1 
 
Version-Release number of selected component (if applicable): 
 
selinux-policy-2.2.34-3.fc5 
 
 
How reproducible: 
Always 
 
Steps to Reproduce: 
 
# /usr/share/selinux/devel/policygentool twiki /home/twiki/bin/view  
 
This tool generate three files for policy development, A Type Enforcement (te) 
file, a File Context (fc), and a Interface File(if).  Most of the policy rules 
will be written in the te file.  Use the File Context file to associate file 
paths with security context.  Use the interface rules to allow other protected 
domains to interact with the newly defined domains. 
After generating these files use the /usr/share/selinux/devel/Makefile to 
compile your policy package.  Then use the semodule tool to load it. 
# /usr/share/selinux/devel/policygentool myapp /usr/bin/myapp 
# make -f /usr/share/selinux/devel/Makefile 
# semodule -l myapp.pp 
# restorecon -R -v /usr/bin/myapp "all files defined in myapp.fc" 
Now you can turn on permissive mode, start your application and avc messages 
will be generated.  You can use audit2allow to help translate the avc messages 
into policy. 
# setenforce 0 
# service myapp start 
# audit2allow -R -i /var/log/audit/audit.log 
Return to continue: 
If the module uses pidfiles, what is the pidfile called? 
If the module uses logfiles, where are they stored? 
/home/twiki/data/ 
If the module has var/lib files, where are they stored? 
/home/twiki/pub/ 
Does the module have a init script? [yN] 
Does the module use the network? [yN] 
 
# make -f /usr/share/selinux/devel/Makefile 
 
Compiling targeted twiki module 
/usr/bin/checkmodule:  loading policy configuration from tmp/twiki.tmp 
twiki.te:47:ERROR 'syntax error' at token ';' on line 45076: 
        type_transition twiki_t var_lib_t: twiki_var_lib_t; 
#line 47 
/usr/bin/checkmodule:  error(s) encountered while parsing configuration 
make: *** [tmp/twiki.mod] Error 1
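
The rejected rule has only one identifier after the colon, where a type_transition statement expects an object class followed by the default type (`type_transition source target : class default;`). The following check for that shape is an added example, not part of the original report or of policygentool; the function name and the sample policy text are constructed for illustration.

```python
import re

# Expected shape: type_transition <source> <target> : <class> <default> ["name"] ;
# source, target and class may each be one identifier or a { ... } set.
ITEM = r'(?:[\w.$-]+|\{[^}]*\})'
STATEMENT = re.compile(r'\btype_transition\b([^;]*);')
VALID = re.compile(
    rf'^\s*{ITEM}\s+{ITEM}\s*:\s*{ITEM}\s+[\w.$-]+(?:\s+"[^"]*")?\s*$')

# Constructed sample: line 3 is the rule checkmodule rejected in this report;
# lines 4 and 5 are the same rule with an object class supplied.
SAMPLE_TE = '''\
type twiki_var_lib_t;
# type_transition inside a comment is ignored;
type_transition twiki_t var_lib_t: twiki_var_lib_t;
type_transition twiki_t var_lib_t:file twiki_var_lib_t;
type_transition twiki_t var_lib_t:{ file dir } twiki_var_lib_t;
'''


def check_type_transitions(te_text):
    """Return (line_number, statement, problem) for each malformed rule."""
    findings = []
    # Blank out comments with spaces so offsets and line numbers are preserved.
    stripped = re.sub(r'#[^\n]*', lambda m: ' ' * len(m.group()), te_text)
    for m in STATEMENT.finditer(stripped):
        body = m.group(1)
        if VALID.match(body):
            continue
        line = stripped.count('\n', 0, m.start()) + 1
        after_colon = body.partition(':')[2].split()
        if ':' not in body:
            problem = "missing ':' and object class"
        elif len(after_colon) == 1:
            problem = "object class or default type missing after ':'"
        else:
            problem = "unexpected statement shape"
        findings.append((line, ' '.join(m.group(0).split()), problem))
    return findings


if __name__ == '__main__':
    for line, stmt, problem in check_type_transitions(SAMPLE_TE):
        print(f'line {line}: {problem}: {stmt}')
```

Running it over a generated .te file before `make` points at the source line directly, instead of the line number in the preprocessed tmp file that checkmodule reports.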
Comment 1 Daniel Walsh 2006-05-09 16:06:25 EDT
Fixed in selinux-policy-2.2.38-2 in rawhide.

Will show up next week in FC5
Comment 2 Daniel Walsh 2007-03-28 16:04:08 EDT
Closing bugs
