audit2allow broken?

Stephen Smalley sds at tycho.nsa.gov
Thu May 10 12:15:23 UTC 2007


On Wed, 2007-05-09 at 16:05 -0500, Hongwei Li wrote:
> Thank you for the help! However, I got an error when doing it.
> # make -f /usr/share/selinux/devel/Makefile
> Compiling targeted localb module
> /usr/bin/checkmodule:  loading policy configuration from tmp/localb.tmp
> localb.te:6:ERROR 'syntax error' at token '' on line 78455:
> 
> 
> /usr/bin/checkmodule:  error(s) encountered while parsing configuration
> make: *** [tmp/localb.mod] Error 1

The above error is on something called "localb.te", not "local.te".
Do you have multiple .te files in your working directory?  If so, move
them elsewhere or move local.te into its own subdirectory, cd there, and
try again.

> 
> 
> My local.te is:
> 
> module local 1.0;
> 
> require {
>         type portmap_t;
>         type home_root_t;
>         type system_mail_t;
>         type nfsd_t;
>         type crond_t;
>         type httpd_t;
>         type restorecon_t;
>         type shadow_t;
>         class dir { search getattr };
>         class file read;
>         class fifo_file read;
> }
> 
> auth_rw_shadow(httpd_t);
> 
> #============= httpd_t ==============
> allow httpd_t shadow_t:file read;
> 
> #============= nfsd_t ==============
> allow nfsd_t crond_t:fifo_file read;
> 
> #============= portmap_t ==============
> allow portmap_t crond_t:fifo_file read;
> 
> #============= restorecon_t ==============
> allow restorecon_t crond_t:fifo_file read;
> 
> #============= system_mail_t ==============
> allow system_mail_t home_root_t:dir { search getattr };
> allow system_mail_t httpd_t:file read;
> 
> 
> What is the "syntax error"? Did I add the line
> auth_rw_shadow(httpd_t);
> incorrectly?
> 
> I have selinux-policy-devel.noarch 0:2.4.6-62.fc6 installed.
> 
> Thanks!
> 
> Hongwei
> 
-- 
Stephen Smalley
National Security Agency
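
An added example, not part of the original message or of the SELinux tools: a shell version of the advice above. It lists the other .te files in a working directory that the devel Makefile would also compile, and copies one module's sources into their own subdirectory. The function names and the "-build" directory suffix are assumptions; it copies rather than moves, so the original directory is left untouched.

```shell
#!/bin/sh
# Added example: isolate one SELinux module source before building it.
# Function names and the "-build" suffix are hypothetical; the Makefile
# path is the one used in the thread.

DEVEL_MAKEFILE=/usr/share/selinux/devel/Makefile

# Print every .te file in directory $1 other than $2.te, one per line.
stray_te_files() {
    dir=$1; keep=$2
    for f in "$dir"/*.te; do
        [ -e "$f" ] || continue            # glob matched nothing
        name=$(basename "$f")
        if [ "$name" != "$keep.te" ]; then
            echo "$name"
        fi
    done
}

# Copy $2.te (plus $2.if and $2.fc when they exist) from directory $1
# into $1/$2-build and print the path of that build directory.
isolate_module() {
    dir=$1; mod=$2; build="$dir/$mod-build"
    [ -f "$dir/$mod.te" ] || { echo "no $mod.te in $dir" >&2; return 1; }
    mkdir -p "$build" || return 1
    for ext in te if fc; do
        if [ -f "$dir/$mod.$ext" ]; then
            cp "$dir/$mod.$ext" "$build/" || return 1
        fi
    done
    echo "$build"
}

# Usage: sh isolate.sh <directory> <module-name>
# Prints the build command instead of running it.
if [ "$#" -eq 2 ]; then
    stray=$(stray_te_files "$1" "$2")
    if [ -n "$stray" ]; then
        echo "other .te files that would also be compiled here:" >&2
        echo "$stray" >&2
    fi
    if build=$(isolate_module "$1" "$2"); then
        echo "cd $build && make -f $DEVEL_MAKEFILE"
    fi
fi
```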



