porting a module from treysys refpolicy to debian

Dominick Grift domg472 at gmail.com
Mon Apr 26 20:03:49 UTC 2010 

On 04/26/2010 08:47 PM, Dennison Williams wrote:
> Hello,
> 
> I am trying to port treysys' fail2ban.[te|fc]
> (http://oss.tresys.com/repos/refpolicy/trunk/policy/modules/services/)
> module to use on a debian system as a custom module and am having some
> problems.  I have built a custom module for this system, but I think
> this case is slightly different because of calls to a few different
> interfaces (that do exist on the system as installed via the
> selinux-policy-refpolicy-dev package).
> 
> When I run:
>        
>         # checkmodule -M -m -o fail2ban.mod fail2ban.te
>         checkmodule:  loading policy configuration from fail2ban.te
>         (unknown source)::ERROR 'This block has no require section.' at
> token 'init_daemon_domain' on line 10:
>         init_daemon_domain(fail2ban_t, fail2ban_exec_t)
>         type fail2ban_exec_t;
>         checkmodule:  error(s) encountered while parsing configuration
> 
> This is obviously because I am not specifying the path to where the
> init_daemon_domain interface is defined, but I am not sure how to do this.
> 
> I tried to add
>        
>          require {
>            interface init_daemon_domain;
>          }
> 
> This does not seem to be the right way to do it either.
> 
> Any help is appreciated.

Not sure what is at issue here. I usually use the Makefile that should
be included with the devel pakage to build policy. Last time i tried
checkmodule had some issues.

The errors you ran into seems like a bug related to debian.

I would encourage that you try sending e-mail to Russell Coker. You can
find his e-mail address on the bottom of this page:
http://www.coker.com.au/russell/

hth


> Sincerely,
> Dennison Williams
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/selinux/attachments/20100426/4712116f/attachment.bin

More information about the selinux mailing list