Bug 222548 - Corrupt evolution.if in selinux-policy-devel-2.4.6-23.fc6.noarch.rpm
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy
6
All Linux
medium Severity medium
Assigned To: Daniel Walsh
Ben Levenson
Duplicates: 222544 222671
Blocks: 222805
Reported: 2007-01-13 17:33 EST by Ted Rule
Modified: 2007-11-30 17:11 EST
Fixed In Version: Current
Doc Type: Bug Fix
Last Closed: 2007-08-22 10:13:17 EDT

Description Ted Rule 2007-01-13 17:33:07 EST
Description of problem:

The recently released devel rpm, selinux-policy-devel-2.4.6-23.fc6.noarch.rpm,
appears to contain an odd 'corruption' in the evolution.if file, viz:

/usr/share/selinux/devel/include/apps/evolution.if

The end of the interface file contains this set of allow statements: 

allow staff_evolution_alarm_t staff_t:fifo_file { getattr write };
allow staff_evolution_alarm_t staff_t:unix_stream_socket connectto;
allow staff_evolution_alarm_t staff_tmp_t:dir { add_name getattr search setattr write };
allow staff_evolution_alarm_t staff_tmp_t:file { getattr lock read write };
allow staff_evolution_alarm_t staff_tmp_t:sock_file { create write };
allow staff_evolution_alarm_t tmp_t:dir read;

allow staff_evolution_exchange_t staff_t:fd use;
allow staff_evolution_exchange_t staff_t:fifo_file { getattr write };
allow staff_evolution_exchange_t staff_tmp_t:dir { add_name getattr search setattr write };
allow staff_evolution_exchange_t staff_tmp_t:file { getattr lock read write };
allow staff_evolution_exchange_t staff_tmp_t:sock_file { create write };

allow staff_evolution_server_t staff_t:fifo_file { getattr write };
allow staff_evolution_server_t staff_t:unix_stream_socket connectto;
allow staff_evolution_server_t staff_tmp_t:dir { add_name getattr search setattr write };
allow staff_evolution_server_t staff_tmp_t:file { getattr lock read write };
allow staff_evolution_server_t staff_tmp_t:sock_file { create write };
allow staff_evolution_server_t tmp_t:dir { getattr read search };

allow staff_evolution_t default_t:lnk_file read;


I had previously downloaded the .23 rpm from the testing area,
but I only noticed this today whilst I was trying to build a module
to rebuild my anacron module tweak against the .23 policy,
and got this error message:

[root@topaz selinux.local]# make localanacron.pp
Compiling strict localanacron module
/usr/bin/checkmodule:  loading policy configuration from tmp/localanacron.tmp
tmp/all_interfaces.conf:7820:ERROR 'syntax error' at token 'allow' on line 3871:

allow staff_evolution_alarm_t staff_t:fifo_file { getattr write };
/usr/bin/checkmodule:  error(s) encountered while parsing configuration
make: *** [tmp/localanacron.mod] Error 1
[root@topaz selinux.local]#

[root ~]#


The error message corresponds to the first rogue line in the interface file;
once I'd commented out all the lines, my new module compiled Ok.
I checked for any other rogue 'allow' lines in the other interface definitions,
but this appears to be the only set of oddities.

I made a cursory check elsewhere, and the 2.4.6-21.fc7 policy-devel
appears to have the same corruption, whilst the 2.4.6-17.fc6 doesn't.


Version-Release number of selected component (if applicable):

selinux-policy-devel-2.4.6-23.fc6.noarch.rpm


How reproducible:

Attempting to build a new selinux module using 
/usr/share/selinux/devel/Makefile using .te .fc files aborts during
compilation.


Comment 3 Daniel Walsh 2007-01-15 10:04:57 EST
Fixed in selinux-policy-devel-2.4.6-27
Comment 4 Daniel Walsh 2007-01-15 10:52:06 EST
*** Bug 222544 has been marked as a duplicate of this bug. ***
Comment 5 Karl MacMillan 2007-01-15 11:57:45 EST
*** Bug 222671 has been marked as a duplicate of this bug. ***
Comment 6 Daniel Walsh 2007-08-22 10:13:17 EDT
Fixed in current release
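
The check described in the report, looking for policy statements that sit outside any interface definition in a .if file, can be automated before a module build. The Python below is an added example, not part of this bug report or of selinux-policy; it assumes the usual layout in which interface(...) and template(...) bodies are m4-quoted with ` and ', and the interface in SAMPLE is constructed for illustration.

```python
import re
import sys
from pathlib import Path

# An m4 macro call opening at the start of a line, e.g. interface(`name',`
MACRO_CALL = re.compile(r"^[A-Za-z_]\w*\(")


def find_stray_statements(text):
    """Return (line_number, statement) for text outside every m4-quoted block."""
    stray = []
    depth = 0  # m4 quote nesting: ` opens, ' closes
    for number, raw in enumerate(text.splitlines(), start=1):
        code = raw.split("#", 1)[0].strip()  # drop comments such as "## <summary>"
        if code and depth == 0 and not MACRO_CALL.match(code):
            stray.append((number, code))
        depth = max(depth + code.count("`") - code.count("'"), 0)
    return stray


# Constructed sample: a hypothetical interface followed by two of the
# top-level allow rules quoted in the report.
SAMPLE = """\
## <summary>Hypothetical interface, for illustration only</summary>
interface(`example_read_conf',`
	gen_require(`
		type example_conf_t;
	')
	allow $1 example_conf_t:file { getattr read };
')

allow staff_evolution_alarm_t staff_t:fifo_file { getattr write };
allow staff_evolution_t default_t:lnk_file read;
"""


def main(paths):
    """Scan the given .if files (SAMPLE when none are given); return 1 on any hit."""
    sources = [(p, Path(p).read_text(errors="replace")) for p in paths]
    hits = 0
    for name, text in sources or [("SAMPLE", SAMPLE)]:
        for number, code in find_stray_statements(text):
            print(f"{name}:{number}: statement outside interface(): {code}")
            hits += 1
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Passing the .if files under /usr/share/selinux/devel/include as arguments lists each offending file and line, so the stray block is found without waiting for checkmodule to fail on the concatenated tmp/all_interfaces.conf.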
