On 04/06/2016 08:18 PM, amir sheng wrote:
I am writing a policy module on Fedora trying to limit running the
who command only to specific user. Checkmodule issues following error for my script :
Error 'syntax error' at token 'domain_auto_trans' on line
But I checked the syntax and there is no typo in it. Here is my whole script. What is the
error in it?
module who 1.0;
class process transition;
role sysadm_r; }
typeattribute who_t domain;
typeattribute who_exec_t file_type;
typeattribute who_exec_t exec_type;
role sysadm_r types who_t;
domain_auto_trans (sysadm_t, who_exec_t, who_t)
the problem is you call the domain_auto_trans() macro which is supposed
to be used for module policies using reference policy.
If you apply the following fix
-module who 1.0;
it will work for you. You create a policy module using reference policy
with this change so you can call macros.
Another problem is that when I transfer this script to Centos, checkmodule of centos
issues other kind of errors. Why this happens? Kinds of errors differ by fedora or
Can you elaborate it more?
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.