porting a module from treysys refpolicy to debian
Dominick Grift
domg472 at gmail.com
Mon Apr 26 20:03:49 UTC 2010
On 04/26/2010 08:47 PM, Dennison Williams wrote:
> Hello,
>
> I am trying to port treysys' fail2ban.[te|fc]
> (http://oss.tresys.com/repos/refpolicy/trunk/policy/modules/services/)
> module to use on a debian system as a custom module and am having some
> problems. I have built a custom module for this system, but I think
> this case is slightly different because of calls to a few different
> interfaces (that do exist on the system as installed via the
> selinux-policy-refpolicy-dev package).
>
> When I run:
>
> # checkmodule -M -m -o fail2ban.mod fail2ban.te
> checkmodule: loading policy configuration from fail2ban.te
> (unknown source)::ERROR 'This block has no require section.' at
> token 'init_daemon_domain' on line 10:
> init_daemon_domain(fail2ban_t, fail2ban_exec_t)
> type fail2ban_exec_t;
> checkmodule: error(s) encountered while parsing configuration
>
> This is obviously because I am not specifying the path to where the
> init_daemon_domain interface is defined, but I am not sure how to do this.
>
> I tried to add
>
> require {
> interface init_daemon_domain;
> }
>
> This does not seem to be the right way to do it either.
>
> Any help is appreciated.
Not sure what is at issue here. I usually use the Makefile that should
be included with the devel pakage to build policy. Last time i tried
checkmodule had some issues.
The errors you ran into seems like a bug related to debian.
I would encourage that you try sending e-mail to Russell Coker. You can
find his e-mail address on the bottom of this page:
http://www.coker.com.au/russell/
hth
> Sincerely,
> Dennison Williams
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20100426/4712116f/attachment.bin
More information about the selinux
mailing list