New SELinux User

Karl MacMillan kmacmill at redhat.com
Wed Nov 8 15:47:19 UTC 2006 

On Wed, 2006-11-08 at 15:31 +0000, Linda Finch wrote:
> I am trying to get up to speed with SELinux however as I am also a novice 
> Linux user (my OS knowledge has been with other systems) this is a very 
> steep learning curve!  To ease the pain, I purchased the SELinux by example 
> book and have been trying to work through the example policy module for the 
> IRC daemon.
> 
> I set up a standard FC4 workstation with the required strict src policy, IRC 
> etc and proceeded to follow through the book however I cannot get it to 
> compile.  When I enter the make && make install && make load command I get 
> the following error:
> 
> make && make install && make load
> /usr/bin/checkpolicy  -o policy.21 policy.conf
> /usr/bin/checkpolicy:  loading policy configuration from policy.conf
> domains/program/ircd.te:28:ERROR 'duplicate declaration of type/attribute' 
> at token ';' on line 290384:
> type ircd_log_t, file_type, sysadmfile, logfile;
> #line 28
> checkpolicy:  error(s) encountered while parsing configuration
> make: *** [policy.21] Error 1
> 

The compiler is saying that this type has already been declared. Make
certain that you did not accidentally include this line twice. It is
also possible that the strict policy that you are using already has a
policy for the ircd daemon (I don't have an FC4 system to check the
latest policy). You can grep through the policy modules to see if this
type is declared in another module - run this command in
domains/program:

grep "type ircd_log_t *.te

That should show you the file names of all the files that contain the
phrase "type ircd_log_t". If there is another policy module declaring
this type you can disable it by moving it and its corresponding .fc file
to the unused directories in domains/program and file_contexts.

> 
> I've double checked the ircd.te file, looked at the policy.conf file and 
> can't see anything wrong.  Is this error immediately obvious to anyone 
> (without knowing the example in the book of course!)?  If so, please help!  
> Apologies if there is something simple that I've not done - as I say, I'm a 
> novice user!  I've also had a go with the reference policy example in the 
> book for FC5 and couldn't get that to compile either.  That gives an error 
> with the generated_definitions.conf file.  I downloaded the most uptodate 
> version of the refpolicy from Tresys' site but maybe there are other patches 
> I need?  Again, this was a std FC5 install.
> 

Can you give a more detailed error message here?

Karl

More information about the fedora-selinux-list mailing list