From: Karl MacMillan <kmacmillan@mentalrootkit.com>
To: Anand Patel <apatel@tresys.com>
Cc: SE Linux <selinux@tycho.nsa.gov>
Subject: RE: audit2allow module generation
Date: Mon, 10 Sep 2007 12:01:17 -0400 [thread overview]
Message-ID: <1189440078.3551.35.camel@localhost.localdomain> (raw)
In-Reply-To: <6FE441CD9F0C0C479F2D88F959B0158801008DB8@exchange.columbia.tresys.com>
On Mon, 2007-09-10 at 10:10 -0400, Anand Patel wrote:
> How do I generate perm_map file for audit2allow?
>
You shouldn't need to - one is provided. What prompted you to ask?
Karl
> Thanks
> -Anand Patel
>
>
> > -----Original Message-----
> > From: Karl MacMillan [mailto:kmacmillan@mentalrootkit.com]
> > Sent: Monday, September 03, 2007 12:14 PM
> > To: Anand Patel
> > Cc: SE Linux
> > Subject: RE: audit2allow module generation
> >
> > On Thu, 2007-08-30 at 09:43 -0400, Anand Patel wrote:
> > > Karl,
> > >
> > > I found that sepol-ifgen parser fails when it sees multiple types in
> > > type declaration statement.
> > > e.g.
> > > type foo_t, hello_t;
> >
> > This isn't a valid way to define two types - you are instead defining
> > the type foo_t with the attribute hello_t. It's an easy mistake to
> make
> > because of the similarity to the require syntax for requiring multiple
> > types.
> >
> > I'm sending a large update to the parser soon that will fix this
> problem
> > though.
> >
> > Karl
> >
> > > Then I went back and change to following
> > > type foo_t;
> > > type hello_t;
> > > and it parsed successfully.
> > >
> > > -Anand Patel
> > >
> > > -----Original Message-----
> > > From: owner-selinux@tycho.nsa.gov
> [mailto:owner-selinux@tycho.nsa.gov]
> > > On Behalf Of Anand Patel
> > > Sent: Monday, June 11, 2007 9:48 AM
> > > To: Karl MacMillan
> > > Cc: SE Linux; Daniel J Walsh
> > > Subject: RE: audit2allow module generation
> > >
> > > On Fri, 2007-06-08 at 11:36 -0400, Karl MacMillan wrote:
> > > > On Wed, 2007-05-30 at 10:44 -0400, Anand Patel wrote:
> > > > > > -----Original Message-----
> > > > > > From: Karl MacMillan [mailto:kmacmillan@mentalrootkit.com]
> > > > > > Sent: Tuesday, May 29, 2007 5:12 PM
> > > > > > To: Anand Patel
> > > > > > Cc: SE Linux; Daniel J Walsh
> > > > > > Subject: Re: audit2allow module generation
> > > > > >
> > > > > > On Tue, 2007-05-29 at 16:25 -0400, Anand Patel wrote:
> > > > > > > I am trying to use audit2allow to generate module out of
> audit
> > > > > messages.
> > > > > > >
> > > > > > > So, I installed refpolicy headers first. Then tried
> > > sepolgen-ifgen
> > > > > > >
> > > > > > > %sepolgen-ifgen
> > > > > > > % ... some output ...
> > > > > > > %parsing file
> /usr/share/selinux/devel/include/services/snmp.if
> > > > > > > %error parsing file
> > > > > /usr/share/selinux/devel/include/services/snmap.if:
> > > > > > > %could not parse text: "Syntax error on line 1 (
> [type=OPAREN]"
> > > > > > >
> > > > > > > Parser had problem parsing almost all if files and generated
> > > above
> > > > > > > error.
> > > > > >
> > > > > > The problem is that the refpolicy "language" is far from fixed
> and
> > > > > > parsing it cleanly is almost impossible because of M4. So the
> > > parser
> > > > > > sometimes gets out of sync with refpolicy (hence the policyrep
> > > work).
> > > > > >
> > > > > > I just need some more specific information about the refpolicy
> > > version
> > > > > > you are using and I should be able to fix-up the parser.
> > > > >
> > > > > I was using current release from
> oss.tresys.com/projects/refpolicy.
> > > > >
> > > >
> > > > What version of sepolgen were you using? The latest (in rawhide)
> seems
> > > > to work fine on the latest available refpolicy.
> > > Version .1
> > > It seems to work with pristine refpolicy. However, upon
> modifications to
> > > policy, new macros and moduels, it generates error during interface
> > > index parse.
> > >
> > > I am currently investigating where it fails.
> > >
> > >
> > > >
> > > > Karl
> > > >
> > > >
> > > >
> > >
> > >
>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2007-09-10 16:01 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-05-21 9:54 [patch 0/3] genhomedircon replacement in libsemanage jbrindle
2007-05-21 9:54 ` [patch 1/3] libsemanage: genhomedircon replacement jbrindle
2007-05-22 21:08 ` Karl MacMillan
2007-05-24 14:04 ` Mark Goldman
2007-05-24 14:45 ` Karl MacMillan
2007-05-24 15:44 ` Daniel J Walsh
2007-05-24 19:20 ` Mark Goldman
2007-05-25 15:52 ` Karl MacMillan
2007-05-25 17:06 ` Joshua Brindle
2007-05-26 0:02 ` Karl MacMillan
2007-05-29 20:25 ` audit2allow module generation Anand Patel
2007-05-29 21:11 ` Karl MacMillan
2007-05-30 14:44 ` Anand Patel
2007-05-31 16:05 ` Karl MacMillan
2007-06-08 15:36 ` Karl MacMillan
2007-06-11 13:47 ` Anand Patel
2007-08-30 13:43 ` Anand Patel
2007-09-03 16:13 ` Karl MacMillan
2007-09-10 14:10 ` Anand Patel
2007-09-10 16:01 ` Karl MacMillan [this message]
2007-06-19 15:09 ` [patch 1/3] libsemanage: genhomedircon replacement Joshua Brindle
2007-06-21 16:29 ` Karl MacMillan
2007-06-21 16:49 ` Joshua Brindle
2007-06-21 18:04 ` Karl MacMillan
2007-06-21 18:09 ` Joshua Brindle
2007-06-21 18:18 ` Karl MacMillan
2007-06-21 18:25 ` Joshua Brindle
2007-06-21 18:35 ` Karl MacMillan
2007-06-21 20:54 ` Eamon Walsh
2007-06-22 11:50 ` Daniel J Walsh
2007-06-22 15:22 ` Karl MacMillan
2007-06-22 15:31 ` Joshua Brindle
2007-06-22 16:04 ` Karl MacMillan
2007-06-22 16:58 ` Eamon Walsh
2007-06-22 19:30 ` Karl MacMillan
2007-06-22 20:55 ` Eamon Walsh
2007-07-02 14:00 ` Joshua Brindle
2007-07-02 14:23 ` Karl MacMillan
2007-07-02 15:54 ` Joshua Brindle
2007-07-02 21:26 ` Joshua Brindle
2007-07-03 1:12 ` James Antill
2007-07-03 11:15 ` Can someone please assist me with selinux issue David Cottle
[not found] ` <1183464455.12218.243.camel@moss-spartans.epoch.ncs! c.mil>
2007-07-03 12:07 ` Stephen Smalley
2007-07-04 23:30 ` David Cottle
2007-07-05 12:33 ` Stephen Smalley
2007-07-12 19:03 ` Libsemanage dependency on version of Linux Hasan Rezaul-CHR010
2007-07-12 19:39 ` Stephen Smalley
2007-07-12 19:48 ` Hasan Rezaul-CHR010
2007-07-12 19:57 ` Stephen Smalley
2007-07-12 19:49 ` Stephen Smalley
2007-07-02 14:54 ` [patch 1/3] libsemanage: genhomedircon replacement James Antill
2007-06-22 20:00 ` James Antill
2007-05-24 15:05 ` Steve G
2007-05-24 15:27 ` Karl MacMillan
2007-05-24 16:00 ` James Antill
2007-05-25 14:22 ` Mark Goldman
2007-05-21 9:54 ` [patch 2/3] libsemanage: test functions jbrindle
2007-05-21 9:54 ` [patch 3/3] Remove legacy genhomedircon python script jbrindle
2007-05-22 17:23 ` [patch 0/3] genhomedircon replacement in libsemanage Daniel J Walsh
2007-05-22 17:35 ` Joshua Brindle
2007-05-22 21:10 ` Karl MacMillan
2007-05-22 21:11 ` Karl MacMillan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1189440078.3551.35.camel@localhost.localdomain \
--to=kmacmillan@mentalrootkit.com \
--cc=apatel@tresys.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.