selinux-policy-strict-sources: syntax error in Rawhide
Tom London
selinux at comcast.net
Mon Aug 9 16:11:38 UTC 2004
Stephen,
Thanks.
This particular systems is running 'stock' selinux-policy-strict files
(i.e.,
selinux-policy-strict-sources is installed, but not modified).
From your response (and from my reading of the develops on
selinux at tycho.nsa.gov), I'm guessing that the best thing to do is just
wait for the other rpm's to 'catch up'.
It appears that the 'yum' process left me with my current policy.18
file (dated Aug-1) and a policy.18.rpmnew (dated Aug-8) (from
the selinux-policy-strict package, I believe), so I'm guessing
I have 'valid' policy files for the 'current' (i.e.,
selinux-policy-strict-1.15.11)
and the 'new' (i.e., selinux-policy-strict-1.15.13) environments.
I should have enough to 'keep running' until the new packages
come (Thanks Dan!).
thanks again,
tom
> ------------------------------------------------------------------------
>
> * /From/: Stephen Smalley <sds epoch ncsc mil>
>
> ------------------------------------------------------------------------
>
>On Mon, 2004-08-09 at 11:46, Tom London wrote:
>> Seems to be an error in the latest selinux-policy-strict-sources from
>> Rawhide:
>> tom
>>
>> selinux-policy-strict-sources 100 % done 67/459
>> make: Entering directory `/etc/selinux/strict/src/policy'
>> mkdir -p /etc/selinux/strict/policy
>> /usr/bin/checkpolicy -o /etc/selinux/strict/policy/policy.18 policy.conf
>> /usr/bin/checkpolicy: loading policy configuration from policy.conf
>> domains/user.te:70:ERROR 'syntax error' at token ')' on line 43573:
>> #line 70
>> if () {
>> /usr/bin/checkpolicy: error(s) encountered while parsing configuration
>> make: *** [/etc/selinux/strict/policy/policy.18] Error 1
>> make: Leaving directory `/etc/selinux/strict/src/policy'
>
>Side effect of converting many of the compile-time tunables to runtime
>booleans - if you have a customized tunables.tun file, then it is left
>intact by rpm, and m4 ends up defining away the boolean in the policy
>sources. If you have customized your tunables, then move aside your
>tunable.tun file and replace it with the .rpmnew file and then customize
>it again. You'll also need a /etc/selinux/$SELINUXTYPE/booleans file to
>customize the booleans (but I don't think Dan has built a
>policycoreutils yet that includes the updated load_policy to pull
>boolean settings from it).
>
>--
>Stephen Smalley <sds epoch ncsc mil>
>National Security Agency
>
>
>
More information about the selinux
mailing list