This bug has been migrated to another issue tracking site. It has been closed here and may no longer be being monitored.

If you would like to get updates for this issue, or to participate in it, you may do so at Red Hat Issue Tracker .
Bug 2116502 - can't build policy from sepolicy generate -r webadm_r
Summary: can't build policy from sepolicy generate -r webadm_r
Keywords:
Status: CLOSED MIGRATED
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: policycoreutils
Version: 9.1
Hardware: Unspecified
OS: Linux
high
unspecified
Target Milestone: rc
: ---
Assignee: Petr Lautrbach
QA Contact: Milos Malik
URL:
Whiteboard:
: 2092379 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-08-08 16:11 UTC by Petr Lautrbach
Modified: 2023-06-30 13:24 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-06-30 13:23:56 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker   RHEL-687 0 None None None 2023-06-30 13:23:55 UTC
Red Hat Issue Tracker RHELPLAN-130529 0 None None None 2022-08-08 16:26:38 UTC

Description Petr Lautrbach 2022-08-08 16:11:43 UTC 
Description of problem:

# mkdir mypolicy

# sepolicy generate -p mypolicy  -n testpolicy --admin_user -r webadm_r
Created the following files:
mypolicy/testpolicy.te # Soubor typu prosazování
mypolicy/testpolicy.if # Soubor rozhraní
mypolicy/testpolicy.fc # Soubor kontextového souboru
mypolicy/testpolicy_selinux.spec # Spec soubor
mypolicy/testpolicy.sh # Skript nastavení

# mypolicy/testpolicy.sh 
Compiling targeted testpolicy module
Creating targeted testpolicy.pp policy package
rm tmp/testpolicy.mod.fc tmp/testpolicy.mod
+ /usr/sbin/semodule -i testpolicy.pp
Failed to resolve roleattributeset statement at /var/lib/selinux/targeted/tmp/modules/400/testpolicy/cil:9
Failed to resolve AST
/usr/sbin/semodule:  Failed!
Comment 1 Milos Malik 2022-11-28 08:45:03 UTC 
I believe this BZ is a duplicate of BZ#2092379.
Comment 3 Milos Malik 2023-06-30 12:48:42 UTC 
The bug seems to be fixed on RHEL-9.3 with the latest policycoreutils build:

# rpm -qa selinux\*
selinux-policy-38.1.15-1.el9.noarch
selinux-policy-targeted-38.1.15-1.el9.noarch
selinux-policy-devel-38.1.15-1.el9.noarch
# rpm -qa | grep policycoreutils
policycoreutils-3.5-2.el9.x86_64
python3-policycoreutils-3.5-2.el9.noarch
policycoreutils-python-utils-3.5-2.el9.noarch
policycoreutils-devel-3.5-2.el9.x86_64
policycoreutils-newrole-3.5-2.el9.x86_64
# mkdir mypolicy
# sepolicy generate -p mypolicy  -n testpolicy --admin_user -r webadm_r
Created the following files:
mypolicy/testpolicy.te # Type Enforcement file
mypolicy/testpolicy.if # Interface file
mypolicy/testpolicy.fc # File Contexts file
mypolicy/testpolicy_selinux.spec # Spec file
mypolicy/testpolicy.sh # Setup Script

# ./mypolicy/testpolicy.sh 
Building and Loading Policy
+ make -f /usr/share/selinux/devel/Makefile testpolicy.pp
make: 'testpolicy.pp' is up to date.
+ /usr/sbin/semodule -i testpolicy.pp
+ sepolicy manpage -p . -d testpolicy_t
./testpolicy_selinux.8
+ /usr/sbin/semanage user -a -R 'testpolicy_r webadm_r system_r' testpolicy_u
+ cat
+ '[' '!' -f /etc/selinux/targeted/contexts/users/testpolicy_u ']'
++ pwd
+ pwd=/root/mypolicy
+ rpmbuild --define '_sourcedir /root/mypolicy' --define '_specdir /root/mypolicy' --define '_builddir /root/mypolicy' --define '_srcrpmdir /root/mypolicy' --define '_rpmdir /root/mypolicy' --define '_buildrootdir /root/mypolicy/.build' -ba testpolicy_selinux.spec
setting SOURCE_DATE_EPOCH=1688083200
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.dfGrPp
+ umask 022
+ cd /root/mypolicy
+ '[' /root/mypolicy/.build/testpolicy_selinux-1.0-1.el9.x86_64 '!=' / ']'
+ rm -rf /root/mypolicy/.build/testpolicy_selinux-1.0-1.el9.x86_64
++ dirname /root/mypolicy/.build/testpolicy_selinux-1.0-1.el9.x86_64
+ mkdir -p /root/mypolicy/.build
+ mkdir /root/mypolicy/.build/testpolicy_selinux-1.0-1.el9.x86_64
+ install -d /root/mypolicy/.build/testpolicy_selinux-1.0-1.el9.x86_64/usr/share/selinux/packages
+ install -m 644 /root/mypolicy/testpolicy.pp /root/mypolicy/.build/testpolicy_selinux-1.0-1.el9.x86_64/usr/share/selinux/packages
+ install -d /root/mypolicy/.build/testpolicy_selinux-1.0-1.el9.x86_64/usr/share/selinux/devel/include/contrib
+ install -m 644 /root/mypolicy/testpolicy.if /root/mypolicy/.build/testpolicy_selinux-1.0-1.el9.x86_64/usr/share/selinux/devel/include/contrib/
+ install -d /root/mypolicy/.build/testpolicy_selinux-1.0-1.el9.x86_64/usr/share/man/man8/
+ install -m 644 /root/mypolicy/testpolicy_selinux.8 /root/mypolicy/.build/testpolicy_selinux-1.0-1.el9.x86_64/usr/share/man/man8/testpolicy_selinux.8
+ install -d /root/mypolicy/.build/testpolicy_selinux-1.0-1.el9.x86_64/etc/selinux/targeted/contexts/users/
+ install -m 644 /root/mypolicy/testpolicy_u /root/mypolicy/.build/testpolicy_selinux-1.0-1.el9.x86_64/etc/selinux/targeted/contexts/users/testpolicy_u
+ /usr/lib/rpm/check-buildroot
+ /usr/lib/rpm/redhat/brp-ldconfig
+ /usr/lib/rpm/brp-compress
+ /usr/lib/rpm/brp-strip /usr/bin/strip
+ /usr/lib/rpm/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump
+ /usr/lib/rpm/redhat/brp-strip-lto /usr/bin/strip
+ /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip
+ /usr/lib/rpm/redhat/brp-python-bytecompile '' 1 0
+ /usr/lib/rpm/brp-python-hardlink
+ /usr/lib/rpm/redhat/brp-mangle-shebangs
Processing files: testpolicy_selinux-1.0-1.el9.noarch
Provides: testpolicy_selinux = 1.0-1.el9
Requires(interp): /bin/sh /bin/sh
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires(post): /bin/sh policycoreutils-python-utils selinux-policy-base >= 38.1.15-1
Requires(postun): /bin/sh policycoreutils-python-utils
Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/mypolicy/.build/testpolicy_selinux-1.0-1.el9.x86_64
Wrote: /root/mypolicy/testpolicy_selinux-1.0-1.el9.src.rpm
Wrote: /root/mypolicy/noarch/testpolicy_selinux-1.0-1.el9.noarch.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.z8ZxXR
+ umask 022
+ cd /root/mypolicy
+ /usr/bin/rm -rf /root/mypolicy/.build/testpolicy_selinux-1.0-1.el9.x86_64
+ RPM_EC=0
++ jobs -p
+ exit 0
# /usr/sbin/semanage user -l | grep testpolicy
testpolicy_u    user       s0         s0                             system_r testpolicy_r webadm_r
#
Comment 4 Milos Malik 2023-06-30 12:49:51 UTC 
*** Bug 2092379 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.