
SELinux checkpolicy parse error


Hey guys/gals,

I'm applying SELinux (1.22) to a native distro built in-house for the
company that I work for.

I've lovingly applied the required patches to the relevant programs that
require SELinux (from Fedora without subsequent Fedora dependency where
found, so it works with in-house distro). Now I am trying to configure
the default policy and am not sure as to why it's not working. It seems
that there is something wrong with checkpolicy and parsing. I've tried
to search the mailing list but the interface via nsa.gov is kludgy and
ineffective for searching the archive. There seems to have been a
resolution regarding checkpolicy but the communication between the two
parties was private or missing from the list. Should there be a better
interface to previous archived messaging I'd like to know.

Here is the respective error:

 -bash-3.00# make
/usr/bin/checkpolicy  -o policy.19 policy.conf
/usr/bin/checkpolicy:  loading policy configuration from policy.conf
types/file.te:92:ERROR 'syntax error' at token ':' on line 3329:
type shadow_t, file_type, secure_file_type;
allow auth shadow_t: file { getattr read };
/usr/bin/checkpolicy:  error(s) encountered while parsing configuration
make: *** [policy.19] Error 1

The line from policy.conf:
allow auth shadow_t : file { getattr read };

Syntax seems to be correct; I'm currently using flex version 2.5.4.
Kernel version 2.6.11.5; I'm patched up with everything from CVS.

Essentially I would just like to create a simple policy to get things
working. I'd try to start with something simple but the way the policy
is intertwined with contexts etc. would require me to basically start
rewriting from there and I'm not sufficiently experienced with
SELinux to do so yet. If there is no way to do so beyond that I am
willing to put the required effort and time in. However, I suspect there
is a more succinct and quicker way to get up and started.

Any guidance would be greatly appreciated.

Thanks,
Christopher Warner


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

