2017-08-23 19:36:42

by Nicolas Iooss

Subject: [refpolicy] [PATCH 1/1] dbus: move comments out of the file context definitions

When loading module dbus from Reference Policy's git master, semodule
fails:

Invalid syntax
Bad context
Bad filecon declaration at
/var/lib/selinux/refpolicy/tmp/modules/400/dbus/cil:734
semodule: Failed!

"/usr/lib/selinux/hll/pp dbus.pp" generates the following lines
(prefixed by the line number):

733 (filecon "/usr/bin/dbus-daemon(-1)?" file (system_u object_r
dbusd_exec_t (systemlow systemlow)))
734 (filecon "/usr/bin/dbus-broker-launch" file (system_u object_r
dbusd_exec_t # needed by dbus-broker (systemlow systemlow)))
735 (filecon "/usr/bin/dbus-broker" file (system_u object_r
dbusd_exec_t # needed by dbus-broker (systemlow systemlow)))

The comments need to be on their own lines in order to be ignored by
semodule.
---
dbus.fc | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/dbus.fc b/dbus.fc
index c18fd7fd292e..e9a13ee9915f 100644
--- a/dbus.fc
+++ b/dbus.fc
@@ -8,8 +8,10 @@ HOME_DIR/\.dbus(/.*)? gen_context(system_u:object_r:session_dbusd_home_t,s0)
/run/user/%{USERID}/dbus-1(/.*)? gen_context(system_u:object_r:session_dbusd_runtime_t,s0)

/usr/bin/dbus-daemon(-1)? -- gen_context(system_u:object_r:dbusd_exec_t,s0)
-/usr/bin/dbus-broker-launch -- gen_context(system_u:object_r:dbusd_exec_t,s0) # needed by dbus-broker
-/usr/bin/dbus-broker -- gen_context(system_u:object_r:dbusd_exec_t,s0) # needed by dbus-broker
+
+# needed by dbus-broker
+/usr/bin/dbus-broker-launch -- gen_context(system_u:object_r:dbusd_exec_t,s0)
+/usr/bin/dbus-broker -- gen_context(system_u:object_r:dbusd_exec_t,s0)

/usr/lib/dbus-.*/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
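
Review bot: the fix is limited to the two `dbus-broker` entries in this hunk, while the failure described in the commit message (text after `gen_context(...)` being carried into the generated context) would apply to any entry written the same way. It would be worth confirming that no other file-context line in the tree carries a trailing `# ...` comment, and stating the own-line requirement in a comment near the top of `dbus.fc` so the pattern is not reintroduced.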

--
2.14.1
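
The failure described in this message can be caught before a module is built. The following is an added example, not part of the patch or of Reference Policy: a small lint that flags file-context entries with anything after the context. The function name, the regular expression and the two sample strings are assumptions constructed from the lines of the hunk above.

```python
import re

# One file-context entry: path regex, optional file-type flag (--, -d, -c,
# -b, -s, -l, -p), then the context. "rest" is whatever follows the context.
ENTRY = re.compile(
    r"^(?P<path>\S+)\s+(?:-[-dcbslp]\s+)?"
    r"(?P<ctx>gen_context\([^)]*\)|<<none>>)(?P<rest>.*)$"
)


def find_trailing_text(fc_text):
    """Return (line_number, trailing_text) for every entry followed by extra text."""
    findings = []
    for lineno, raw in enumerate(fc_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and whole-line comments are fine
        match = ENTRY.match(line)
        if match is None:
            continue  # not an entry (for example an m4 directive): out of scope
        rest = match.group("rest").strip()
        if rest:
            findings.append((lineno, rest))
    return findings


# Constructed sample: the entries as they were before the patch.
BEFORE = """\
/usr/bin/dbus-daemon(-1)?	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
/usr/bin/dbus-broker-launch	--	gen_context(system_u:object_r:dbusd_exec_t,s0) # needed by dbus-broker
/usr/bin/dbus-broker	--	gen_context(system_u:object_r:dbusd_exec_t,s0) # needed by dbus-broker
"""

# Constructed sample: the same entries after the patch.
AFTER = """\
/usr/bin/dbus-daemon(-1)?	--	gen_context(system_u:object_r:dbusd_exec_t,s0)

# needed by dbus-broker
/usr/bin/dbus-broker-launch	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
/usr/bin/dbus-broker	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
"""

if __name__ == "__main__":
    for lineno, extra in find_trailing_text(BEFORE):
        print(f"line {lineno}: move to its own line: {extra}")
```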


2017-08-24 21:19:19

by Chris PeBenito

Subject: [refpolicy] [PATCH 1/1] dbus: move comments out of the file context definitions

On 08/23/2017 03:36 PM, Nicolas Iooss via refpolicy wrote:
> When loading module dbus from Reference Policy's git master, semodule
> fails:
>
> Invalid syntax
> Bad context
> Bad filecon declaration at
> /var/lib/selinux/refpolicy/tmp/modules/400/dbus/cil:734
> semodule: Failed!
>
> "/usr/lib/selinux/hll/pp dbus.pp" generates the following lines
> (prefixed by the line number):
>
> 733 (filecon "/usr/bin/dbus-daemon(-1)?" file (system_u object_r
> dbusd_exec_t (systemlow systemlow)))
> 734 (filecon "/usr/bin/dbus-broker-launch" file (system_u object_r
> dbusd_exec_t # needed by dbus-broker (systemlow systemlow)))
> 735 (filecon "/usr/bin/dbus-broker" file (system_u object_r
> dbusd_exec_t # needed by dbus-broker (systemlow systemlow)))
>
> The comments need to be on their own lines in order to be ignored by
> semodule.
> ---
> dbus.fc | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/dbus.fc b/dbus.fc
> index c18fd7fd292e..e9a13ee9915f 100644
> --- a/dbus.fc
> +++ b/dbus.fc
> @@ -8,8 +8,10 @@ HOME_DIR/\.dbus(/.*)? gen_context(system_u:object_r:session_dbusd_home_t,s0)
> /run/user/%{USERID}/dbus-1(/.*)? gen_context(system_u:object_r:session_dbusd_runtime_t,s0)
>
> /usr/bin/dbus-daemon(-1)? -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> -/usr/bin/dbus-broker-launch -- gen_context(system_u:object_r:dbusd_exec_t,s0) # needed by dbus-broker
> -/usr/bin/dbus-broker -- gen_context(system_u:object_r:dbusd_exec_t,s0) # needed by dbus-broker
> +
> +# needed by dbus-broker
> +/usr/bin/dbus-broker-launch -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/usr/bin/dbus-broker -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>
> /usr/lib/dbus-.*/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
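
Review bot: style point on the added `# needed by dbus-broker` line: both entries beneath it are dbus-broker's own executables, so once the comment stands alone it tells a reader little. Wording that says why these two paths share `dbusd_exec_t` with `dbus-daemon` would be more useful; the move to a separate line is fine as it is.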

Merged.

--
Chris PeBenito