Dear list,

I am running a freshly installed SELinux system with
sec-policy/selinux-base-policy 20070329 in strict/permissive mode.

When I try to write a TE module for my avc denials the compiler doesn't
resolve the necessary types. For example, considering the following avc
entry for type consoletype:

vmdefault # dmesg | grep avc
audit(1190988750.096:3): avc:  denied  { read } for  pid=26115
comm="consoletype" name="ld.so.cache" dev=sda1 ino=336323476
scontext=system_u:system_r:consoletype_t tcontext=root:object_r:etc_t
tclass=file
audit(1190988750.096:4): avc:  denied  { getattr } for  pid=26115
comm="consoletype" name="ld.so.cache" dev=sda1 ino=336323476
scontext=system_u:system_r:consoletype_t tcontext=root:object_r:etc_t
tclass=file

My policy module looks like this:

policy_module(local,1.0.0) 
type local_t;
files_read_etc_files(consoletype_t)

When I try to compile, the compiler gives me an unknown type error:

vmdefault include # make -f /usr/share/selinux/strict/include/Makefile 
Compiling strict local module
/usr/bin/checkmodule:  loading policy configuration from tmp/local.tmp
local.te:11:ERROR 'unknown type consoletype_t' at token ';' on line
78133:
        allow consoletype_t etc_t:dir { getattr search read lock
ioctl };
#line 11
/usr/bin/checkmodule:  error(s) encountered while parsing configuration
make: *** [tmp/local.mod] Error 1

Seems to me that the compiler does not resolve the types against the
base policy.

Any ideas? Comments are highly appreciated.

Dominik
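
One way to resolve the "unknown type" error shown above, as an added example that is not part of the original post: a loadable module has to name every type it takes from the base policy in a require block before using it. The module name, version and interface call are the ones from the post; the unused local_t declaration is left out.

```selinux
# local.te (added example, not the poster's file)
policy_module(local,1.0.0)

# consoletype_t is declared in the base policy, not in this module.
# checkmodule compiles the module on its own, so every external type
# named here must be listed in a require block first; without it the
# compiler stops with "unknown type consoletype_t".
gen_require(`
	type consoletype_t;
')

# etc_t needs no entry in the block above: the interface requires it itself.
# The call is meant to cover both denials from dmesg (read and getattr
# on an etc_t file).
files_read_etc_files(consoletype_t)
```

In the reference policy /etc/ld.so.cache is normally labelled ld_so_cache_t, so the etc_t label in the denial may also point at a labelling problem rather than a missing rule. `restorecon -n -v /etc/ld.so.cache` reports whether the file's context differs from the policy default without changing it.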
