checkpolicy bombing on Fedora devel...

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue Sep 20 21:16:25 UTC 2005


On Tue, 20 Sep 2005 16:41:26 EDT, Stephen Smalley said:
 
> From the info above, you have an id "s0" that is a sensitivity rather
> than a category, so the hashtab_search fails, but that code path fails
> to check for such failure and thus crashes rather than reporting it.
> Try the patch below.

OK.. No crash, something resembling a useful diagnostic.  Probably want
to keep the patch....

(gdb)  run -M -o policy.20 policy.conf
Starting program: /usr/src/redhat/BUILD/checkpolicy-1.27.1/checkpolicy -M -o policy.20 policy.conf
Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0xffffe000
/usr/src/redhat/BUILD/checkpolicy-1.27.1/checkpolicy:  loading policy configuration from policy.conf
initial_sid_contexts:9:ERROR 'unknown category s0' at token 'sid' on line 428578:
sid security    system_u:object_r:security_t:s0:s0
sid kernel      system_u:system_r:kernel_t:s0:s0
/usr/src/redhat/BUILD/checkpolicy-1.27.1/checkpolicy:  error(s) encountered while parsing configuration

"D'oh!" -- H. Simpson

After fixing initial_sid_contexts by hand, I got:

fs_use:8:ERROR 'unknown category s0' at token ';' on line 428624:
fs_use_xattr ext2 system_u:object_r:fs_t:s0:s0;
# Requires that a security xattr handler exist for the filesystem.

I think I trashed it by running 'make mcsconvert' (possibly twice) trying to
deal with the fact that my 'users' file didn't have :s0 type stuff in it....

Ended up doing an 'rpm -e selinux-policy-strict-sources' and then re-installing
it, all looks OK now.
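
A pre-flight check for the damage described above, added here as an example (it is not part of the original post or of checkpolicy): it scans policy source for security contexts whose MLS category field holds something that is not a category, such as the doubled `:s0:s0`. It assumes categories are named cN, as in the stock MCS policy; the sample input mixes the two failing lines quoted above with constructed well-formed ones.

```python
import re

# Assumption: categories are named c0, c1, ... as in the stock MCS policy.
CAT = re.compile(r"^c\d+$")
# user:role:type:mls, where the MLS part runs to the next whitespace.
CONTEXT = re.compile(r"\b(\w+):(\w+):(\w+):(\S+)")

def bad_categories(mls):
    """Return tokens sitting in the category position that are not categories."""
    bad = []
    for level in mls.rstrip(";").split("-"):      # low-high range
        _sens, _, cats = level.partition(":")      # sensitivity[:category_set]
        if not cats:
            continue
        for item in cats.split(","):              # c1,c3
            for tok in item.split("."):           # c0.c255
                if not CAT.match(tok):
                    bad.append(tok)
    return bad

def scan(text):
    """Return (line number, context, offending tokens) for each bad context."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):          # skip policy comments
            continue
        for m in CONTEXT.finditer(line):
            bad = bad_categories(m.group(4))
            if bad:
                findings.append((lineno, m.group(0).rstrip(";"), bad))
    return findings

# Lines 1 and 3 are quoted in the post; lines 2 and 5 are constructed.
SAMPLE = """\
sid security    system_u:object_r:security_t:s0:s0
sid kernel      system_u:system_r:kernel_t:s0
fs_use_xattr ext2 system_u:object_r:fs_t:s0:s0;
# Requires that a security xattr handler exist for the filesystem.
portcon tcp 22 system_u:object_r:ssh_port_t:s0-s0:c0.c255
"""

if __name__ == "__main__":
    for lineno, ctx, bad in scan(SAMPLE):
        print(f"line {lineno}: {ctx}: not a category: {', '.join(bad)}")
```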