On Sun, 2009-02-01 at 16:54 -0600, Serge E. Hallyn wrote: > Quoting Christopher J. PeBenito ([email protected]): > > On Fri, 2009-01-30 at 11:37 -0600, Serge E. Hallyn wrote: > > > Quoting Serge E. Hallyn ([email protected]): > > > > Quoting Stephen Smalley ([email protected]): > > > > > On Thu, 2009-01-29 at 11:51 -0500, Christopher J. PeBenito wrote: > > > > > > On Thu, 2009-01-29 at 08:42 -0500, Christopher J. PeBenito wrote: > > > > > > > On Thu, 2009-01-29 at 21:32 +1100, James Morris wrote: > > > > > > > > I'm trying to run the LTP SELinux tests using the latest CVS > > > > > > > > version of > > > > > > > > LTP and current Fedora development, and get the following > > > > > > > > policy > > > > > > > > compilation error: > > > > > > > > > > > > > > > > ---- > > > > > > > > Compiling targeted test_policy module > > > > > > > > > > > > > > > > test_policy.te:1730: Warning: r_dir_perms is deprecated please > > > > > > > > use list_dir_perms instead. > > > > > > > > test_policy.te:1731: Warning: r_file_perms is deprecated please > > > > > > > > use read_file_perms instead. > > > > > > > > [lots of warnings similar to the above] > > > > > > > > > > > > > > > > /usr/bin/checkmodule: loading policy configuration from > > > > > > > > tmp/test_policy.tmp > > > > > > > > test_policy.te":16:ERROR 'syntax error' at token > > > > > > > > 'userdom_use_sysadm_terms' on line 3198: > > > > > > > > userdom_use_sysadm_terms(testdomain) > > > > > > > > # This allows read and write sysadm ttys and ptys. > > > > > > > > /usr/bin/checkmodule: error(s) encountered while parsing > > > > > > > > configuration > > > > > > > > make[1]: *** [tmp/test_policy.mod] Error 1 > > > > > > > > make[1]: Leaving directory `/usr/share/selinux/devel' > > > > > > > > make: *** [load] Error 2 > > > > > > > > Failed to build and load test_policy module, aborting test run. > > > > > > > > ---- > > > > > > > > > > > > > > > > Is this likely to be fixed soon, and/or any suggestions for a > > > > > > > > workaround? > > > > > > > > > > > > > > It won't compile with the current trunk refpolicy, since the > > > > > > > current > > > > > > > release was a major, API breaking change. I'll try to get a > > > > > > > patch out > > > > > > > shortly. > > > > > > > > > > > > I updated the policy since its fairly old, though I didn't convert > > > > > > its > > > > > > raw rules over to use interfaces. However this didn't completely > > > > > > fix > > > > > > it, as there is usage of a "unconfined_runs_test()", which isn't in > > > > > > the > > > > > > upstream refpolicy nor the fedora policy, as far as I can see. One > > > > > > of > > > > > > the updates includes use of sysadm_entry_spec_domtrans_to(), which > > > > > > is in > > > > > > the upstream refpolicy, but doesn't seem to have made its way > > > > > > downstream > > > > > > to the fedora policy. I have attached my work so someone familiar > > > > > > with > > > > > > sysadm_entry_spec_domtrans is in fedora 10's policy sources, at least, > > > in modules/roles/sysadm.if. (I don't have a fedora devel system > > > installed). > > > > That has the opposite transition direction (the specified domain > > transitions to sysadm). > > Just to make sure... > > You're saying that in upstream refpolicy sysadm_entry_spec_domtrans(foo) > means foo may transition to sysadm_t, while in fedora 10 policy > sysadm_entry_spec_domtrans(foo) means sysadm_t may transition to > foo?
No. They have the same behavior. What happened is that the interface (the one you need to use, not the above ones) used to be called userdom_sysadm_entry_spec_domtrans_to(). Then I split all of the roles into individual policy modules, so that interface got renamed to sysadm_entry_spec_domtrans_to(), except the new interface was accidentally dropped. So I added it back in, and it just hasn't gotten downstream yet. -- Chris PeBenito <[email protected]> Developer, Hardened Gentoo Linux Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243 Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Create and Deploy Rich Internet Apps outside the browser with Adobe(R)AIR(TM) software. With Adobe AIR, Ajax developers can use existing skills and code to build responsive, highly engaging applications that combine the power of local resources and data with the reach of the web. Download the Adobe AIR SDK and Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com
_______________________________________________ Ltp-list mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ltp-list
