Need to rebuild an old module with outdated syntax

Robert Nichols rnicholsNOSPAM at comcast.net
Mon Jan 5 20:55:02 UTC 2015


On 01/05/2015 02:41 PM, Daniel J Walsh wrote:
>
> On 01/05/2015 10:11 AM, Robert Nichols wrote:
>> On 01/05/2015 03:29 AM, Miroslav Grepl wrote:
>>> On 01/05/2015 01:55 AM, Robert Nichols wrote:
>>>> Would someone please help me translate this module into something that
>>>> will build on a current system (CentOS 6, checkpolicy-2.0.22-1.el6):
>>>>
>>>> policy_module(procmail_uncon, 1.0.18)
>>>>
>>>> =============== cut ===================
>>>> gen_require(`
>>>>      type unconfined_t;
>>>>      type unconfined_exec_t;
>>>>      type procmail_t;
>>>>      role system_r;
>>>> ')
>>>>
>>>> type my_uncon_exec_t;
>>>> files_type(my_uncon_exec_t)
>>>>
>>>> allow procmail_t unconfined_t : process { transition sigchld };
>>>> domain_auto_trans(procmail_t, my_uncon_exec_t, unconfined_t)
>>>> role system_r types unconfined_t;
>>>
>>> You say you are not able to build the above policy module on CentOS 6?
>>
>> I cannot. With that in a file called procmail_uncon.te in a directory with
>> a Makefile copied from /usr/share/linux/devel, running "make" yields:
>>
>> ========
>> Compiling targeted procmail_uncon module
>> /usr/bin/checkmodule:  loading policy configuration from tmp/procmail_uncon.tmp
>> procmail_uncon.te":13:ERROR 'unknown class file used in rule' at token ';' on line 1045:
>> #line 13
>>      allow procmail_t my_uncon_exec_t:file { getattr open read execute };
>> /usr/bin/checkmodule:  error(s) encountered while parsing configuration
>> make: *** [tmp/procmail_uncon.mod] Error 1
>> ========
>>
>> The following packages are installed:
>> libselinux-2.0.94-5.8.el6.x86_64
>> libselinux-devel-2.0.94-5.8.el6.x86_64
>> libselinux-python-2.0.94-5.8.el6.x86_64
>> libselinux-utils-2.0.94-5.8.el6.x86_64
>> selinux-policy-3.7.19-260.el6_6.1.noarch
>> libsepol-devel-2.0.41-4.el6.x86_64
>> selinux-policy-targeted-3.7.19-260.el6_6.1.noarch
>>
>> I did dig up a procmail_uncon.pp file from an old Fedora 12 backup, and
>> that file seems to install OK, so the problem is no longer critical for me,
>> but I'd like to get this resolved.
>>
> You need to run the Makefile on the te file with the
> policy_module(procmail_uncon, 1.0.18) line.

I have no idea what you mean by that. You don't run a Makefile _on_ a
source file. OK, I'll try it anyway:
========
# make procmail_uncon.te
make: Nothing to be done for `procmail_uncon.te'.
========
Yes, it already exists and has no dependencies.

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.
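
The reply quoted above says the .te file has to carry the policy_module(procmail_uncon, 1.0.18) line; in refpolicy, policy_module() expands to the module declaration plus a require block for the kernel object classes. A pre-build check for that line, as an added example that is not part of the thread: the function names and sample files are constructed, and it assumes the declaration must be the first statement in the file.

```shell
#!/bin/sh
# Added example, not from the thread: pre-build check for a .te source file.
# Assumption: policy_module(NAME, VERSION) must be the first statement,
# ignoring blank lines and '#' comment lines.

# Prints "NAME VERSION" and returns 0 when the declaration comes first;
# prints nothing and returns 1 otherwise.
te_module_decl() {
    awk '
        /^[ \t]*#/ { next }     # comment line
        /^[ \t]*$/ { next }     # blank line
        {
            # First real statement: accept only a policy_module() call.
            if (match($0, /^[ \t]*policy_module\([ \t]*[A-Za-z0-9_]+[ \t]*,[ \t]*[0-9.]+[ \t]*\)/)) {
                decl = substr($0, RSTART, RLENGTH)
                gsub(/^[ \t]*policy_module\(|\)|[ \t]/, "", decl)
                sub(/,/, " ", decl)
                print decl
                found = 1
            }
            exit
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample inputs: an excerpt of the module from the thread,
# without and with the policy_module() line at the top.
write_samples() {
    cat > "$1/bad.te" <<'EOF'
gen_require(`
     type unconfined_t;
     type procmail_t;
')
allow procmail_t unconfined_t : process { transition sigchld };
EOF
    { echo '# local procmail policy'
      echo 'policy_module(procmail_uncon, 1.0.18)'
      cat "$1/bad.te"; } > "$1/good.te"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in good.te bad.te; do
    if decl=$(te_module_decl "$demo_dir/$f"); then
        echo "$f: declares module $decl"
    else
        echo "$f: no policy_module() declaration before the first rule"
    fi
done
rm -rf "$demo_dir"
```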