Package: checkpolicy
Version: 1.30.10-2
Severity: normal

After upgrading to checkpolicy 1.30.10-2, refpolicy no longer builds;
the build fails when checkmodule is run on the strict policy's base.conf:

m4 -D strict_policy -D enable_mcs -D distro_debian -D direct_sysadm_daemon -D hide_broken_symptoms -D self_contained_policy policy/support/loadable_module.spt policy/support/misc_macros.spt policy/support/obj_perm_sets.spt tmp/generated_definitions.conf policy/global_booleans policy/global_tunables > tmp/global_bools.conf
Creating refpolicy-strict base module base.conf
cat tmp/pre_te_files.conf tmp/all_attrs_types.conf tmp/global_bools.conf tmp/only_te_rules.conf tmp/all_post.conf > base.conf
Compiling refpolicy-strict base module
/usr/bin/checkmodule -M base.conf -o tmp/base.mod
/usr/bin/checkmodule:  loading policy configuration from base.conf
libsepol.expand_terule_helper: duplicate TE rule for httpd_suexec_t httpd_sys_content_t:process httpd_sys_script_t
/usr/bin/checkmodule:  expand module failed

This failure didn't happen with 1.30.3-1.  I'm assuming this is a
regression in checkpolicy or something linked into it, since I don't see
any duplicate rules in base.conf as it claims -- indeed I don't see
that rule at all, though I'm still learning the policy language and
could be mistaken about that.  If I comment out this line:

        type_transition httpd_suexec_t httpdcontent:process httpd_sys_script_t;

... there's a similar error concerning "initrc_t insmod_exec_t:process
insmod_t".  If I also comment out this one:

        type_transition initrc_t insmod_exec_t:process insmod_t;

... then checkmodule runs to completion.  As before, I don't see any
duplication of that rule, but with the same caveats.



-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-1-amd64-k8
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages checkpolicy depends on:
ii  libc6                         2.3.6-19   GNU C Library: Shared libraries

checkpolicy recommends no packages.

-- no debconf information
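
Added example (not part of the original report, and not code from checkpolicy or refpolicy): a rule written against an attribute is expanded to every member type, so the error can name a type that appears in no type_transition line. The sketch below expands attributes and lists every (source, target, class) key reached by more than one rule; the sample policy is constructed and assumes httpdcontent is an attribute containing httpd_sys_content_t, which the report does not confirm.

```python
import re
from itertools import product

# Constructed sample, not taken from the reporter's base.conf. It ASSUMES
# httpdcontent is an attribute that includes httpd_sys_content_t.
SAMPLE_POLICY = """
attribute httpdcontent;
type httpd_suexec_t;
type httpd_sys_script_t;
type httpd_sys_content_t, httpdcontent;
type httpd_user_content_t;
typeattribute httpd_user_content_t httpdcontent;
type_transition httpd_suexec_t httpdcontent:process httpd_sys_script_t;
type_transition httpd_suexec_t httpd_sys_content_t:process httpd_sys_script_t;
"""

FIELD = r"(\{[^}]*\}|[^\s:;]+)"   # one identifier or a { a b } set
TT_RE = re.compile(rf"type_transition\s+{FIELD}\s+{FIELD}\s*:\s*{FIELD}\s+(\w+)\s*;")
DECL_RE = re.compile(r"\s*(?:typeattribute|type)\s+(\w+)(?:\s+alias\s+[^,;]+)?(.*);")

def names(field):
    """Identifiers in 'a' or '{ a b }' (exclusions such as -a are not handled)."""
    return re.findall(r"[A-Za-z_][\w.]*", field)

def find_duplicate_transitions(policy_text):
    """Map (source, target, class) -> [(line, default), ...] for keys hit more than once."""
    lines = [l.split("#", 1)[0] for l in policy_text.splitlines()]
    attrs = {}                                    # attribute -> member types
    for line in lines:
        if m := re.match(r"\s*attribute\s+(\w+)\s*;", line):
            attrs.setdefault(m[1], set())
        elif m := DECL_RE.match(line):            # type x, a, b;  /  typeattribute x a, b;
            for a in names(m[2]):
                attrs.setdefault(a, set()).add(m[1])
    expand = lambda n: sorted(attrs[n]) if n in attrs else [n]
    seen = {}
    for no, line in enumerate(lines, 1):
        if not (m := TT_RE.search(line)):
            continue
        for s, t, c in product(names(m[1]), names(m[2]), names(m[3])):
            for src, tgt in product(expand(s), expand(t)):
                seen.setdefault((src, tgt, c), []).append((no, m[4]))
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (s, t, c), hits in find_duplicate_transitions(SAMPLE_POLICY).items():
        print(f"{s} {t}:{c} <- " + ", ".join(f"line {n} -> {d}" for n, d in hits))
```

To check a real build, pass the contents of base.conf to find_duplicate_transitions(); the reported line numbers are the places to compare against the libsepol message.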

