From: walid.fakim@cgi.com (Fakim, Walid) Date: Thu, 28 Jul 2016 11:30:26 +0000 Subject: [refpolicy] Compile Error when using the userdom_login_user_template() macro... References: <53E0DE5B854BBC4EA982E3197A0C96D24B111CB0@SE-EX021.groupinfra.com> <93b453d1-0c9a-ab52-0eb6-b3f191188354@gmail.com> <53E0DE5B854BBC4EA982E3197A0C96D24B111E05@SE-EX021.groupinfra.com> Message-ID: <67130EC7AFA3FE4E9290B03665B351F4017CD6@SE-EX021.groupinfra.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Hi Dominick, I am working with Jack on this issue. So we tried your code snippet and that worked. We do have the reference policy downloaded - how do we confirm that we are indeed using it? Going back to Jack's comment regarding the userdom_unpriv_user_template() macro : I've switched the order of the code round from : ==== Old Code ==== role cos_r; gen_user(cos_u, dsp_user, cos_r, s0, s0 - mls_systemhigh, mcs_allcats) userdom_unpriv_user_template(cos) ================ To ====New Code==== userdom_unpriv_user_template(cos) role cos_r; gen_user(cos_u, dsp_user, cos_r, s0, s0 - mls_systemhigh, mcs_allcats) ================ And now the code has compiled with no errors. Is there anything we need to be careful of that the 2 macros are doing that could be interfering with each other? Thanks & Regards, Walid -----Original Message----- From: Borg-Cardona, Jack Sent: 28 July 2016 11:06 To: Fakim, Walid Subject: FW: [refpolicy] Compile Error when using the userdom_login_user_template() macro... -----Original Message----- From: refpolicy-bounces@oss.tresys.com [mailto:refpolicy-bounces at oss.tresys.com] On Behalf Of Dominick Grift Sent: 28 July 2016 10:44 To: refpolicy at oss.tresys.com Subject: Re: [refpolicy] Compile Error when using the userdom_login_user_template() macro... On 07/28/2016 11:02 AM, Borg-Cardona, Jack wrote: > Morning, > > I've been working on my first custom policies recently and have begun the compile process and am working through the various syntax errors I have made. I have come across one error that I can't decipher, and does not seem to reference the syntax in my own policy but rather the syntax in the tmp/cosapp.tmp folder that is created at compile time. > Hi, Is this refpolicy or some fork (redhat maybe?) If this is a redhat fork then you might want to ask on the fedora-selinux maillist or #fedora-selinux or irc.freenode.org for better results Regardless, I would probably start by narrowing this down. cat >>mytest.te<>From my policy (.te) the offending line is: > userdom_login_user_template(cos) > > The error message is: > cosapp.te":61:ERROR 'syntax error' at token 'require' on line 4050: > require { > #line 61 > /usr/bin/checkmodule: error(s) encountered while parsing > configuration > make: *** [tmp/cosapp.mod] Error 1 > > Looking at the cospp.tmp file more closely I went to line 4050 #line > 61 > require { > #line 61 > > #line 61 > class context contains; #line 61 > attribute login_userdomain; #line 61 > > #line 61 > } # end require > As this is not my syntax I am a bit puzzled as to what is actually wrong? > A couple of thoughts that I had are: > The macro userdom_login_user_template(cos)references a new custom user 'cos_u' I have not yet added the user file_contexts file to /etc/selinux/targeted/contexts/users so could this be causing the error? If so I am surprised that the gen_user() statement the line before works. > Are there any dependencies I need to consider for this template to work, that I may not have thought about? > > Then finally I jumped on the IRC channel yesterday no one was around, what time to people tend to be on it? > > Thanks for the help > Jack > > > > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy > -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift