The recently released devel rpm, selinux-policy-devel-2.4.6-23.fc6.noarch.rpm, appears to contain an odd 'corruption' in the evolution.if file, viz:
/usr/share/selinux/devel/include/apps/evolution.if
The end of the interface file contains this set of allow statements:
allow staff_evolution_alarm_t staff_t:fifo_file { getattr write };
allow staff_evolution_alarm_t staff_t:unix_stream_socket connectto;
allow staff_evolution_alarm_t staff_tmp_t:dir { add_name getattr search setattr write };
allow staff_evolution_alarm_t staff_tmp_t:file { getattr lock read write };
allow staff_evolution_alarm_t staff_tmp_t:sock_file { create write };
allow staff_evolution_alarm_t tmp_t:dir read;

allow staff_evolution_exchange_t staff_t:fd use;
allow staff_evolution_exchange_t staff_t:fifo_file { getattr write };
allow staff_evolution_exchange_t staff_tmp_t:dir { add_name getattr search setattr write };
allow staff_evolution_exchange_t staff_tmp_t:file { getattr lock read write };
allow staff_evolution_exchange_t staff_tmp_t:sock_file { create write };

allow staff_evolution_server_t staff_t:fifo_file { getattr write };
allow staff_evolution_server_t staff_t:unix_stream_socket connectto;
allow staff_evolution_server_t staff_tmp_t:dir { add_name getattr search setattr write };
allow staff_evolution_server_t staff_tmp_t:file { getattr lock read write };
allow staff_evolution_server_t staff_tmp_t:sock_file { create write };
allow staff_evolution_server_t tmp_t:dir { getattr read search };

allow staff_evolution_t default_t:lnk_file read;
I had previously downloaded the .23 rpm from the testing area, but I only noticed this today whilst I was trying to build a module to rebuild my anacron module tweak against the .23 policy, and got this error message:
[root selinux.local]# make localanacron.pp
Compiling strict localanacron module
/usr/bin/checkmodule: loading policy configuration from tmp/localanacron.tmp
tmp/all_interfaces.conf:7820:ERROR 'syntax error' at token 'allow' on line 3871:

allow staff_evolution_alarm_t staff_t:fifo_file { getattr write };
/usr/bin/checkmodule: error(s) encountered while parsing configuration
make: *** [tmp/localanacron.mod] Error 1
[root@topaz selinux.local]#
[root ~]#
The error message corresponds to the first rogue line in the interface file; once I'd commented out all the lines, my new module compiled Ok. I checked for any other rogue 'allow' lines in the other interface definitions, but this appears to be the only set of oddities.
I made a cursory check elsewhere, and the 2.4.6-21.fc7 policy-devel appears to have the same corruption, whilst the previous stable fc6 rpm, 2.4.6-17.fc6, doesn't.
I've also created BZ #222548 containing these notes.
Yes this is a bug. Remove those excess lines from the bottom of evolution.if.
Daniel J Walsh wrote:
> Yes this is a bug. Remove those excess lines from the bottom of evolution.if.
Fixed in selinux-policy-2.4.6-27
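
The check described in the original report (looking for rule statements that sit outside any interface definition) can be automated across the whole include tree. This is an added example, not code from the thread or from the selinux-policy project; it assumes the m4 quoting convention used in interface files (backtick opens, apostrophe closes), and the interface name `example_read_tmp` and the `SAMPLE` text are constructed.

```python
import re
import sys
from pathlib import Path

# Statement keywords that should only appear inside an interface/template body.
RULE = re.compile(r"^\s*(allow|dontaudit|auditallow|neverallow|type_transition)\b")

def find_toplevel_rules(text):
    """Return [(line_no, line)] for rules outside any m4 `...' quoted block."""
    depth, hits = 0, []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]      # ignore comments (may hold stray quotes)
        if depth == 0 and RULE.match(line):
            hits.append((no, raw.strip()))
        # m4 quoting: ` opens, ' closes; interface bodies sit at depth >= 1
        depth = max(depth + line.count("`") - line.count("'"), 0)
    return hits

def scan_tree(root):
    """Scan every *.if file under root; return {path: hits} for files with hits."""
    found = {}
    for path in sorted(Path(root).rglob("*.if")):
        hits = find_toplevel_rules(path.read_text(errors="replace"))
        if hits:
            found[str(path)] = hits
    return found

# Constructed sample: a hypothetical interface followed by two of the stray
# rules quoted in the thread.
SAMPLE = """\
## <summary>Hypothetical example interface</summary>
interface(`example_read_tmp',`
    gen_require(`
        type example_tmp_t;
    ')
    allow $1 example_tmp_t:file { getattr read };
')

allow staff_evolution_alarm_t staff_t:fifo_file { getattr write };
allow staff_evolution_t default_t:lnk_file read;
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = scan_tree(sys.argv[1]).items()
    else:
        results = [("sample", find_toplevel_rules(SAMPLE))]
    for path, hits in results:
        for no, line in hits:
            print(f"{path}:{no}: {line}")
```

Run it with `/usr/share/selinux/devel/include` as the argument to scan the installed interface files; with no argument it scans the embedded sample.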