From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Tue, 13 Dec 2011 10:38:19 -0500
Subject: [refpolicy] recent "portage" modifications break refpolicy build
In-Reply-To: <1323784186.2445.13.camel@vortex>
References: <1323784186.2445.13.camel@vortex>
Message-ID: <4EE7716B.70203@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 12/13/11 08:49, Guido Trentalancia wrote:
> Hello,
> 
> here is the effect of the recent modifications introducing
> portage_run_fetch():
> 
> Compliling refpolicy-13122011 sysadm.mod module
> m4 -D enable_mcs -D distro_redhat -D direct_sysadm_daemon -D enable_ubac
> -D mls_num_sens=16 -D mls_num_cats=1024 -D mcs_num_cats=1024 -D
> hide_broken_symptoms -s support/divert.m4
> policy/support/file_patterns.spt policy/support/ipc_patterns.spt
> policy/support/obj_perm_sets.spt policy/support/misc_patterns.spt
> policy/support/misc_macros.spt policy/support/mls_mcs_macros.spt
> policy/support/loadable_module.spt support/undivert.m4
> tmp/generated_definitions.conf tmp/all_interfaces.conf
> policy/modules/roles/sysadm.te > tmp/sysadm.tmp
> /usr/bin/checkmodule -M -m tmp/sysadm.tmp -o tmp/sysadm.mod
> /usr/bin/checkmodule:  loading policy configuration from tmp/sysadm.tmp
> policy/modules/roles/sysadm.te":258:ERROR 'syntax error' at token
> 'portage_run_fetch' on line 40465:
> #line 258
>         portage_run_fetch(sysadm_t, sysadm_r)
> /usr/bin/checkmodule:  error(s) encountered while parsing configuration
> make: *** [tmp/sysadm.mod] Error 1
> 
> ---
> 
> Compliling refpolicy-13122011 unconfined.mod module
> m4 -D enable_mcs -D distro_redhat -D direct_sysadm_daemon -D enable_ubac
> -D mls_num_sens=16 -D mls_num_cats=1024 -D mcs_num_cats=1024 -D
> hide_broken_symptoms -s support/divert.m4
> policy/support/file_patterns.spt policy/support/ipc_patterns.spt
> policy/support/obj_perm_sets.spt policy/support/misc_patterns.spt
> policy/support/misc_macros.spt policy/support/mls_mcs_macros.spt
> policy/support/loadable_module.spt support/undivert.m4
> tmp/generated_definitions.conf tmp/all_interfaces.conf
> policy/modules/system/unconfined.te > tmp/unconfined.tmp
> /usr/bin/checkmodule -M -m tmp/unconfined.tmp -o tmp/unconfined.mod
> /usr/bin/checkmodule:  loading policy configuration from
> tmp/unconfined.tmp
> policy/modules/system/unconfined.te":152:ERROR 'syntax error' at token
> 'portage_run_fetch' on line 13377:
> #line 152
>         portage_run_fetch(unconfined_t, unconfined_r)
> /usr/bin/checkmodule:  error(s) encountered while parsing configuration
> make: *** [tmp/unconfined.mod] Error 1
> 
> The issue is affecting git refpolicy since at least the 12th of October
> 2011.

Odd.  I can't reproduce this.  The interface definitely exists in the policy, so it should expand correctly.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com