From: dac.override@gmail.com (Dominick Grift)
Date: Thu, 28 Jul 2016 11:43:39 +0200
Subject: [refpolicy] Compile Error when using the
 userdom_login_user_template() macro...
In-Reply-To: <53E0DE5B854BBC4EA982E3197A0C96D24B111CB0@SE-EX021.groupinfra.com>
References: <53E0DE5B854BBC4EA982E3197A0C96D24B111CB0@SE-EX021.groupinfra.com>
Message-ID: <93b453d1-0c9a-ab52-0eb6-b3f191188354@gmail.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 07/28/2016 11:02 AM, Borg-Cardona, Jack wrote:
> Morning,
> 
> I've been working on my first custom policies recently and have begun the compile process and am working through the various syntax errors I have made. I have come across one error that I can't decipher, and does not seem to reference the syntax in my own policy but rather the syntax in the tmp/cosapp.tmp folder that is created at compile time.
> 

Hi, Is this refpolicy or some fork (redhat maybe?) If this is a redhat
fork then you might want to ask on the fedora-selinux maillist or
#fedora-selinux or irc.freenode.org for better results

Regardless, I would probably start by narrowing this down.

cat >>mytest.te<<EOF
policy_module(mytest,1.0.0)
userdom_login_user_template(cos)
EOF
make -f /usr/share/selinux/devel/Makefile mytest.pp

Do you see the same error message?


>>From my policy (.te) the offending line is:
> userdom_login_user_template(cos)
> 
> The error message is:
> cosapp.te":61:ERROR 'syntax error' at token 'require' on line 4050:
>                 require {
> #line 61
> /usr/bin/checkmodule:  error(s) encountered while parsing configuration
> make: *** [tmp/cosapp.mod] Error 1
> 
> Looking at the cospp.tmp file more closely I went to line 4050
> #line 61
>                 require {
> #line 61
> 
> #line 61
>                 class context contains;
> #line 61
>                 attribute login_userdomain;
> #line 61
> 
> #line 61
>                 } # end require
> As this is not my syntax I am a bit puzzled as to what is actually wrong?
> A couple of thoughts that I had are:
> The macro userdom_login_user_template(cos)references a new custom user 'cos_u'  I have not yet added the user file_contexts file to /etc/selinux/targeted/contexts/users so could this be causing the error? If so I am surprised that the gen_user() statement the line before works.
> Are there any dependencies I need to consider for this template to work, that I may not have thought about?
> 
> Then finally I jumped on the IRC channel yesterday no one was around, what time to people tend to be on it?
> 
> Thanks for the help
> Jack
> 
> 
> 
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy
> 


-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: OpenPGP digital signature
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20160728/a3c3ea08/attachment-0001.bin