How to build a local (unionfs) policy module for Fedora Core 5 (kernel 2.6.17)?

Stephen Smalley sds at tycho.nsa.gov
Wed Oct 4 14:15:12 UTC 2006


On Tue, 2006-10-03 at 19:12 +0200, Andreas Sachs wrote:
> Hello,
>
> I’m trying to build a local unionfs policy module for Fedora Core 5
> (kernel 2.6.17). SELinux is set to enforcing and the policy type is
> targeted.
>
> After I mount a union, I get the following in my /var/log/messages
>
> Nov  6 13:34:41 localhost kernel: SELinux: initialized (dev unionfs, type unionfs), not configured for labeling
>
> I have written a local unionfs policy module:
>
> policy_module(unionfs, 1.0)
>
> require {
>         type fs_t;
> };
>
> fs_use_xattr unionfs system_u:object_r:fs_t;
>
> But I get a syntax error:
>
> Compiling targeted unionfs module
> /usr/bin/checkmodule:  loading policy configuration from tmp/unionfs.tmp
> unionfs.te:8:ERROR 'syntax error' at token 'fs_use_xattr' on line 59102:
> fs_use_xattr unionfs system_u:object_r:fs_t;
> /usr/bin/checkmodule:  error(s) encountered while parsing configuration
> make: *** [tmp/unionfs.mod] Fehler 1
>
> How can I do it right?

Policy modules (other than the base) only support a subset of the
language, and fs_use_xattr is not supported in a non-base module.

Thus, your options (as previously stated) are:
1) Grab the policy .src.rpm or upstream sources, modify them, and
rebuild, or
2) Use a context= mount to set a single fixed label on the entire mount.

-- 
Stephen Smalley
National Security Agency
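
An added example, not part of the original message: a shell filter that reads kernel log lines in the format quoted above and reports which mounts SELinux left without a labeling rule, so you can confirm whether a base-policy rebuild or a context= mount took effect. The function names and the sample log lines are constructed for illustration; the behavior strings are the ones the kernel prints in this message.

```shell
#!/bin/sh
# Added example (not from the thread). Constructed sample log: the third line
# is the one quoted in the thread; the fourth is what the kernel logs after
# the same filesystem is mounted again with a context= option.
sample_log() {
cat <<'EOF'
Nov  6 13:34:02 localhost kernel: SELinux: initialized (dev sda1, type ext3), uses xattr
Nov  6 13:34:03 localhost kernel: SELinux: initialized (dev proc, type proc), uses genfs_contexts
Nov  6 13:34:41 localhost kernel: SELinux: initialized (dev unionfs, type unionfs), not configured for labeling
Nov  6 13:40:10 localhost kernel: SELinux: initialized (dev unionfs, type unionfs), uses mountpoint labeling
EOF
}

# Reduce each "SELinux: initialized" line on stdin to "dev|fstype|behavior".
labeling_report() {
    sed -n 's/.*SELinux: initialized (dev \([^,]*\), type \([^)]*\)), \(.*\)$/\1|\2|\3/p'
}

# Print "dev|fstype" for mounts whose most recent log entry is still
# "not configured for labeling", i.e. the loaded policy has no fs_use_* or
# genfscon rule for that type and no context= option was given at mount time.
unlabeled() {
    labeling_report | awk -F'|' '
        { last[$1 "|" $2] = $3 }
        END {
            for (k in last)
                if (last[k] == "not configured for labeling") print k
        }' | sort
}

# Demo on the constructed sample; on a live system use: dmesg | unlabeled
sample_log | labeling_report
```
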