Description of problem: The makefile located at /usr/share/selinux/devel/Makefile incorrectly generates policy for mcs policy instead of mls. Bug appears to be the result of variable "TYPE" being incorrectly set to "mcs" instead of "mls" in the initial logic to determine what policy is in effect on the running development system. Version-Release number of selected component (if applicable): selinux-policy-3.0.8-101.fc8 selinux-policy-devel-3.0.8-101.fc8 selinux-policy-mls-3.0.8-101.fc8 selinux-policy-targeted-3.0.8-101.fc8 How reproducible: Very Steps to Reproduce: 1. create F8 system with mls policy installed 2. make sure /etc/selinux/config contains: SELINUXTYPE=mls SELINUX=permissive and that /selinux/mls returns "1" when cat'ed 3. generate mls policy for sample app with a macro like the following: init_ranged_daemon_domain(your_sample_t, your_sample_exec_t, SystemLow - System High) or simpler solution: Substitute last two lines of the Makefile in question i.e HEADER := $(SHAREDIR)/devel/include include $(HEADERDIR)/Makefile for this 1 line all:;echo $(TYPE) $(NAME) and then do a make -f /usr/share/selinux/devel/Makefile Actual results: Sample policy will fail complaining about "S15" ... or output from modified Makefile will return TYPE = mcs NAME = mls Expected results: sample policy compiles and generates policy module or modified script should return TYPE = mls NAME = mls Additional info:
Created attachment 294371 [details] Does this one work for you?
I downloaded your new makefile and installed it. Then rebuilt our development tree. It appears to work, creating mls policy modules [ we only have mls policy ] in similar fashion to our RHEL5 builds. I also installed one of the newly created modules and that went OK as well. Thanks for the quick response !
Worked for me too.
Fixed in selinux-policy-3.0.8-84.fc8
This change did not make it into 3.3.0
Fixed in selinux-policy-3.3.1-2.fc9
Closing all bugs that have been in modified for over a month. Please reopen if the bug is not actually fixed.