Oddity in evolution.if in selinux-policy-devel-2.4.6-23.fc6.noarch.rpm

Daniel J Walsh dwalsh at redhat.com
Mon Jan 15 17:01:04 UTC 2007


Daniel J Walsh wrote:
> Ted Rule wrote:
>> The recently released devel rpm,
>> selinux-policy-devel-2.4.6-23.fc6.noarch.rpm, appears to contain an odd
>> 'corruption' in the evolution.if file, viz:
>>
>> /usr/share/selinux/devel/include/apps/evolution.if
>>
>> The end of the interface file contains this set of allow statements:
>> allow staff_evolution_alarm_t staff_t:fifo_file { getattr write };
>> allow staff_evolution_alarm_t staff_t:unix_stream_socket connectto;
>> allow staff_evolution_alarm_t staff_tmp_t:dir { add_name getattr search setattr write };
>> allow staff_evolution_alarm_t staff_tmp_t:file { getattr lock read write };
>> allow staff_evolution_alarm_t staff_tmp_t:sock_file { create write };
>> allow staff_evolution_alarm_t tmp_t:dir read;
>>
>> allow staff_evolution_exchange_t staff_t:fd use;
>> allow staff_evolution_exchange_t staff_t:fifo_file { getattr write };
>> allow staff_evolution_exchange_t staff_tmp_t:dir { add_name getattr search setattr write };
>> allow staff_evolution_exchange_t staff_tmp_t:file { getattr lock read write };
>> allow staff_evolution_exchange_t staff_tmp_t:sock_file { create write };
>>
>> allow staff_evolution_server_t staff_t:fifo_file { getattr write };
>> allow staff_evolution_server_t staff_t:unix_stream_socket connectto;
>> allow staff_evolution_server_t staff_tmp_t:dir { add_name getattr search setattr write };
>> allow staff_evolution_server_t staff_tmp_t:file { getattr lock read write };
>> allow staff_evolution_server_t staff_tmp_t:sock_file { create write };
>> allow staff_evolution_server_t tmp_t:dir { getattr read search };
>>
>> allow staff_evolution_t default_t:lnk_file read;
>>
>>
>> I had previously downloaded the .23 rpm from the testing area, but I
>> only noticed this today whilst I was trying to build a module to rebuild
>> my anacron module tweak against the .23 policy, and got this error
>> message:
>>
>> [root selinux.local]# make localanacron.pp
>> Compiling strict localanacron module
>> /usr/bin/checkmodule:  loading policy configuration from tmp/localanacron.tmp
>> tmp/all_interfaces.conf:7820:ERROR 'syntax error' at token 'allow' on line 3871:
>>
>> allow staff_evolution_alarm_t staff_t:fifo_file { getattr write };
>> /usr/bin/checkmodule:  error(s) encountered while parsing configuration
>> make: *** [tmp/localanacron.mod] Error 1
>> [root at topaz selinux.local]#
>>
>> [root ~]#
>>
>>
>> The error message corresponds to the first rogue line in the interface
>> file; once I'd commented out all the lines, my new module compiled OK. I
>> checked for any other rogue 'allow' lines in the other interface
>> definitions, but this appears to be the only set of oddities.
>>
>> I made a cursory check elsewhere, and the 2.4.6-21.fc7 policy-devel
>> appears to have the same corruption, whilst the previous stable fc6 rpm,
>> 2.4.6-17.fc6, doesn't.
>>
>> I've also created BZ #222548 containing these notes.
>>
>>
>>   
> Yes, this is a bug.  Remove those excess lines from the bottom of
> evolution.if.
>
Fixed in selinux-policy-2.4.6-27
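
A check for the condition reported in this thread, added here as an example and not part of the original messages or of the selinux-policy project: it lists policy rules that sit outside any `interface()`/`template()` body in a `.if` file, which is where checkmodule reported the syntax error. The function name `find_stray_rules` and the sample interface `example_read_tmp` are hypothetical; the two trailing `allow` lines in the sample are copied from the report above.

```python
import re
import sys

# Rule statements that are only valid inside an interface()/template() body.
RULE = re.compile(r"^(allow|dontaudit|auditallow|neverallow|type_transition)\b")


def find_stray_rules(text):
    """Return [(line_number, statement)] for rules outside any m4-quoted body.

    Assumption: m4 quote nesting is tracked by counting ` and ' after
    '#' comments are stripped; changequote is not handled.
    """
    depth = 0
    stray = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        # Test before updating depth, so the line that opens a body is
        # judged at the depth it starts from.
        if depth == 0 and RULE.match(line):
            stray.append((lineno, line))
        depth += line.count("`") - line.count("'")
    return stray


# Constructed sample: one well-formed interface followed by two of the
# stray statements quoted in the report.
SAMPLE = """\
## <summary>Constructed sample interface</summary>
interface(`example_read_tmp',`
    gen_require(`
        type example_tmp_t;
    ')
    allow $1 example_tmp_t:file { getattr read };
')

allow staff_evolution_alarm_t staff_t:fifo_file { getattr write };
allow staff_evolution_t default_t:lnk_file read;
"""

if __name__ == "__main__":
    # With file arguments, scan those files; otherwise scan the sample.
    paths = sys.argv[1:]
    if not paths:
        for lineno, stmt in find_stray_rules(SAMPLE):
            print(f"<sample>:{lineno}: {stmt}")
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for lineno, stmt in find_stray_rules(fh.read()):
                print(f"{path}:{lineno}: {stmt}")
```

Run against the files under /usr/share/selinux/devel/include/ to flag any interface file with rules at top level before building a local module.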



