error

Joshua Brindle method at gentoo.org
Fri Jul 14 12:28:15 UTC 2006


netpython wrote:
> Sry to bother you with my n00b questions.
>
> I used lsof to get a better understanding on what files
> are opened. The te files are now: run-mozilla.te and firefox-bin.te
> However the checkpolicy tool complains about an error in
> the policy made by the policygentool.
>
Keep questions on list for the benefit of others.

The immediate error is that you can't have a '-' in a module name. Just
out of curiosity, why aren't you just using the mozilla/firefox policies
in refpolicy? You should be able to build the module (make mozilla.pp)
and then insert it with semodule -i mozilla.pp

> run-mozilla.te:
> -------------------
> policy_module(run-mozilla,1.0.0)
>
> ########################################
> #
> # Declarations
> #
>
> type run-mozilla_t;
> type run-mozilla_exec_t;
> domain_type(run-mozilla_t)
> init_daemon_domain(run-mozilla_t, run-mozilla_exec_t)
>
> ########################################
> #
> # run-mozilla local policy
> #
> # Check in /etc/selinux/refpolicy/include for macros to use instead of allow rules.
>
> # Some common macros (you might be able to remove some)
> files_read_etc_files(run-mozilla_t)
> libs_use_ld_so(run-mozilla_t)
> libs_use_shared_libs(run-mozilla_t)
> miscfiles_read_localization(run-mozilla_t)
> ## internal communication is often done using fifo and unix sockets.
> allow run-mozilla_t self:fifo_file { read write };
> allow run-mozilla_t self:unix_stream_socket create_stream_socket_perms;
>
> # Init script handling
> init_use_fds(run-mozilla_t)
> init_use_script_ptys(run-mozilla_t)
> domain_use_interactive_fds(run-mozilla_t)
> ------------------------------------------------------
>
> firefox-bin.te:
>
> policy_module(firefox-bin,1.0.0)
>
> ########################################
> #
> # Declarations
> #
>
> type firefox-bin_t;
> type firefox-bin_exec_t;
> domain_type(firefox-bin_t)
> init_daemon_domain(firefox-bin_t, firefox-bin_exec_t)
>
> ########################################
> #
> # firefox-bin local policy
> #
> # Check in /etc/selinux/refpolicy/include for macros to use instead of allow rules.
>
> # Some common macros (you might be able to remove some)
> files_read_etc_files(firefox-bin_t)
> libs_use_ld_so(firefox-bin_t)
> libs_use_shared_libs(firefox-bin_t)
> miscfiles_read_localization(firefox-bin_t)
> ## internal communication is often done using fifo and unix sockets.
> allow firefox-bin_t self:fifo_file { read write };
> allow firefox-bin_t self:unix_stream_socket create_stream_socket_perms;
>
> # Init script handling
> init_use_fds(firefox-bin_t)
> init_use_script_ptys(firefox-bin_t)
> domain_use_interactive_fds(firefox-bin_t)
> ------------------------------------------------------
>
> Errors I get:
>
> Compiling targeted firefox-bin module
> /usr/bin/checkmodule:  loading policy configuration from tmp/firefox-bin.tmp
> firefox-bin.te:1:ERROR 'syntax error' at token 'firefox-bin' on line 57284:
>                module firefox-bin 1.0.0;
> #line 1
> /usr/bin/checkmodule:  error(s) encountered while parsing configuration
> make: *** [tmp/firefox-bin.mod] Error 1
>
>
> In /usr/share/selinux/devel/include/apps there's a mozilla.if file.
> What could I do with it? I searched in the docs and now know it's
> an interface file, but other than that...
>
> kind regards,
>
> Peter
>
>
>
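
Added example, not part of the original thread or of refpolicy: a pre-build check that reads the name passed to policy_module() in a .te file and rejects it if it contains '-', the cause of the checkmodule error quoted above. The function names te_module_name and check_te are hypothetical, and the underscore rename it prints is only a suggestion.

```shell
#!/bin/sh
# Pre-build check for refpolicy-style .te files (added example).
# Rule applied: a module name must not contain '-' (per the reply above).
# The name given to policy_module() ends up in the generated
# "module NAME VERSION;" statement that checkmodule parses.

# Print the NAME argument of the first policy_module(NAME, VERSION) in file $1.
te_module_name() {
    sed -n 's/^[[:space:]]*policy_module([[:space:]]*\([^,)[:space:]]*\).*/\1/p' "$1" |
        head -n 1
}

# Return 0 if the module name is acceptable, 1 if it contains '-',
# 2 if the file has no policy_module() line. Prints a one-line diagnosis.
check_te() {
    name=$(te_module_name "$1")
    if [ -z "$name" ]; then
        echo "$1: no policy_module() declaration found"
        return 2
    fi
    case $name in
        *-*)
            # Suggested rename only (assumption): swap '-' for '_'.
            fixed=$(printf '%s' "$name" | sed 's/-/_/g')
            echo "$1: module name '$name' contains '-'; try '$fixed'"
            return 1
            ;;
    esac
    echo "$1: module name '$name' ok"
    return 0
}

# Check every .te file given on the command line before running make.
for f in "$@"; do
    check_te "$f" || true
done
```

Run it as `sh check_te.sh run-mozilla.te firefox-bin.te` (the script file name is arbitrary) before `make`.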




More information about the fedora-selinux-list mailing list