FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 04-26-2010, 06:47 PM
Dennison Williams
 
Default porting a module from treysys refpolicy to debian

Hello,

I am trying to port treysys' fail2ban.[te|fc]
(http://oss.tresys.com/repos/refpolicy/trunk/policy/modules/services/)
module to use on a debian system as a custom module and am having some
problems. I have built a custom module for this system, but I think
this case is slightly different because of calls to a few different
interfaces (that do exist on the system as installed via the
selinux-policy-refpolicy-dev package).

When I run:

# checkmodule -M -m -o fail2ban.mod fail2ban.te
checkmodule: loading policy configuration from fail2ban.te
(unknown source)::ERROR 'This block has no require section.' at
token 'init_daemon_domain' on line 10:
init_daemon_domain(fail2ban_t, fail2ban_exec_t)
type fail2ban_exec_t;
checkmodule: error(s) encountered while parsing configuration

This is obviously because I am not specifying the path to where the
init_daemon_domain interface is defined, but I am not sure how to do this.

I tried to add

require {
interface init_daemon_domain;
}

This does not seem to be the right way to do it either.

Any help is appreciated.

Sincerely,
Dennison Williams
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 04-26-2010, 08:03 PM
Dominick Grift
 
Default porting a module from treysys refpolicy to debian

On 04/26/2010 08:47 PM, Dennison Williams wrote:
> Hello,
>
> I am trying to port treysys' fail2ban.[te|fc]
> (http://oss.tresys.com/repos/refpolicy/trunk/policy/modules/services/)
> module to use on a debian system as a custom module and am having some
> problems. I have built a custom module for this system, but I think
> this case is slightly different because of calls to a few different
> interfaces (that do exist on the system as installed via the
> selinux-policy-refpolicy-dev package).
>
> When I run:
>
> # checkmodule -M -m -o fail2ban.mod fail2ban.te
> checkmodule: loading policy configuration from fail2ban.te
> (unknown source)::ERROR 'This block has no require section.' at
> token 'init_daemon_domain' on line 10:
> init_daemon_domain(fail2ban_t, fail2ban_exec_t)
> type fail2ban_exec_t;
> checkmodule: error(s) encountered while parsing configuration
>
> This is obviously because I am not specifying the path to where the
> init_daemon_domain interface is defined, but I am not sure how to do this.
>
> I tried to add
>
> require {
> interface init_daemon_domain;
> }
>
> This does not seem to be the right way to do it either.
>
> Any help is appreciated.

Not sure what is at issue here. I usually use the Makefile that should
be included with the devel pakage to build policy. Last time i tried
checkmodule had some issues.

The errors you ran into seems like a bug related to debian.

I would encourage that you try sending e-mail to Russell Coker. You can
find his e-mail address on the bottom of this page:
http://www.coker.com.au/russell/

hth


> Sincerely,
> Dennison Williams
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux


--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 

Thread Tools




All times are GMT. The time now is 04:10 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org