Need to rebuild an old module with outdated syntax

Daniel J Walsh dwalsh at redhat.com
Mon Jan 5 22:05:21 UTC 2015


On 01/05/2015 03:55 PM, Robert Nichols wrote:
> On 01/05/2015 02:41 PM, Daniel J Walsh wrote:
>>
>> On 01/05/2015 10:11 AM, Robert Nichols wrote:
>>> On 01/05/2015 03:29 AM, Miroslav Grepl wrote:
>>>> On 01/05/2015 01:55 AM, Robert Nichols wrote:
>>>>> Would someone please help me translate this module into something that
>>>>> will build on a current system (CentOS 6, checkpolicy-2.0.22-1.el6):
>>>>>
>>>>> policy_module(procmail_uncon, 1.0.18)
>>>>>
>>>>> =============== cut ===================
>>>>> gen_require(`
>>>>>      type unconfined_t;
>>>>>      type unconfined_exec_t;
>>>>>      type procmail_t;
>>>>>      role system_r;
>>>>> ')
>>>>>
>>>>> type my_uncon_exec_t;
>>>>> files_type(my_uncon_exec_t)
>>>>>
>>>>> allow procmail_t unconfined_t : process { transition sigchld };
>>>>> domain_auto_trans(procmail_t, my_uncon_exec_t, unconfined_t)
>>>>> role system_r types unconfined_t;
>>>>
>>>> You say you are not able to build the above policy module on CentOS 6?
>>>
>>> I cannot. With that in a file called procmail_uncon.te in a directory with
>>> a Makefile copied from /usr/share/linux/devel, running "make" yields:
>>>
>>> ========
>>> Compiling targeted procmail_uncon module
>>> /usr/bin/checkmodule:  loading policy configuration from
>>> tmp/procmail_uncon.tmp
>>> procmail_uncon.te":13:ERROR 'unknown class file used in rule' at token
>>> ';' on line 1045:
>>> #line 13
>>>      allow procmail_t my_uncon_exec_t:file { getattr open read
>>> execute };
>>> /usr/bin/checkmodule:  error(s) encountered while parsing configuration
>>> make: *** [tmp/procmail_uncon.mod] Error 1
>>> ========
>>>
>>> The following packages are installed:
>>> libselinux-2.0.94-5.8.el6.x86_64
>>> libselinux-devel-2.0.94-5.8.el6.x86_64
>>> libselinux-python-2.0.94-5.8.el6.x86_64
>>> libselinux-utils-2.0.94-5.8.el6.x86_64
>>> selinux-policy-3.7.19-260.el6_6.1.noarch
>>> libsepol-devel-2.0.41-4.el6.x86_64
>>> selinux-policy-targeted-3.7.19-260.el6_6.1.noarch
>>>
>>> I did dig up a procmail_uncon.pp file from an old Fedora 12 backup, and
>>> that file seems to install OK, so the problem is no longer critical for me,
>>> but I'd like to get this resolved.
>>>
>> You need to run the Makefile on the te file with the
>> policy_module(procmail_uncon, 1.0.18) line.
>
> I have no idea what you mean by that. You don't run a Makefile _on_ a
> source file. OK, I'll try it anyway:
> ========
> # make procmail_uncon.te
> make: Nothing to be done for `procmail_uncon.te'.
> ========
> Yes, it already exists and has no dependencies.
>
I run

make -f /usr/share/selinux/devel/Makefile procmail_uncon.pp

Which should build the original procmail_uncon.te in this email chain.
The one with the policy_module(procmail_uncon, 1.0.18) line.
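
Added example, not part of the original message: a preflight check that a .te file opens with policy_module(name, version) before it is handed to the devel Makefile. In the reference policy macros, policy_module() emits the module declaration and the require block for the kernel object classes, so a source file that starts at gen_require fails with an "unknown class" error like the one quoted above. The function names are hypothetical; the make command is the one from this thread.

```shell
#!/bin/sh
# Added example: verify the policy_module() header of a SELinux .te file,
# then build it with the devel Makefile path given in the thread.

# Print the first line that is neither blank nor a '#' comment.
first_statement() {
    sed -e 's/^[[:space:]]*//' -e '/^$/d' -e '/^#/d' "$1" | head -n 1
}

# On success print "<name> <version>" and return 0.
# On failure explain on stderr and return 1.
check_te_header() {
    stmt=$(first_statement "$1")
    pat='^policy_module\([[:space:]]*[A-Za-z0-9_]+[[:space:]]*,[[:space:]]*[0-9.]+[[:space:]]*\)'
    if ! printf '%s\n' "$stmt" | grep -Eq "$pat"; then
        echo "$1: first statement is not policy_module(name, version):" \
             "${stmt:-<empty file>}" >&2
        return 1
    fi
    printf '%s\n' "$stmt" | sed -E \
        's/^policy_module\([[:space:]]*([A-Za-z0-9_]+)[[:space:]]*,[[:space:]]*([0-9.]+).*/\1 \2/'
}

# Check the header first, so a missing policy_module() line is reported
# directly instead of surfacing as a checkmodule parse error.
build_module() {
    check_te_header "$1" >/dev/null || return 1
    make -f /usr/share/selinux/devel/Makefile "$(basename "$1" .te).pp"
}
```

Run build_module procmail_uncon.te from the directory that holds the source file.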

