current selinux-usr incompatible with refpolicy-20060307?

current selinux-usr incompatible with refpolicy-20060307?

[Todd Miller]

In trying to build refpolicy-20060307 on an FC5 machine using an  
selinux userland with the following svn tags: checkpolicy_1_30_11  
libselinux_1_30_27 libsemanage_1_6_15 libsepol_1_12_26  
policycoreutils_1_30_28 I get this error:

/usr/bin/checkpolicy policy.conf -o policy.21
/usr/bin/checkpolicy:  loading policy configuration from policy.conf
libsepol.expand_terule_helper: duplicate TE rule for initrc_t  
insmod_exec_t:process insmod_t
libsepol.expand_module: Error during expand
Error while expanding policy
make: *** [policy.21] Error 1

The selinux userland components that ship with FC5 are able to build  
the policy.conf into a binary file without problems.  Is there a  
newer version of refpolicy that folks are using for development?

Thanks!

  - todd

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

current selinux-usr incompatible with refpolicy-20060307?

[Todd Miller]

In trying to build refpolicy-20060307 on an FC5 machine using an  
selinux userland with the following svn tags: checkpolicy_1_30_11  
libselinux_1_30_27 libsemanage_1_6_15 libsepol_1_12_26  
policycoreutils_1_30_28 I get this error:

/usr/bin/checkpolicy policy.conf -o policy.21
/usr/bin/checkpolicy:  loading policy configuration from policy.conf
libsepol.expand_terule_helper: duplicate TE rule for initrc_t  
insmod_exec_t:process insmod_t
libsepol.expand_module: Error during expand
Error while expanding policy
make: *** [policy.21] Error 1

The selinux userland components that ship with FC5 are able to build  
the policy.conf into a binary file without problems.  Is there a  
newer version of refpolicy that folks are using for development?

Thanks!

  - todd

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: current selinux-usr incompatible with refpolicy-20060307?

[Todd Miller]

I just tried a current checkout of refpolicy from the tresys svn and  
it works with the current userland tools so I'll just use that...

  - todd

On Sep 5, 2006, at 4:57 PM, Todd Miller wrote:

> In trying to build refpolicy-20060307 on an FC5 machine using an  
> selinux userland with the following svn tags: checkpolicy_1_30_11  
> libselinux_1_30_27 libsemanage_1_6_15 libsepol_1_12_26  
> policycoreutils_1_30_28 I get this error:
>
> /usr/bin/checkpolicy policy.conf -o policy.21
> /usr/bin/checkpolicy:  loading policy configuration from policy.conf
> libsepol.expand_terule_helper: duplicate TE rule for initrc_t  
> insmod_exec_t:process insmod_t
> libsepol.expand_module: Error during expand
> Error while expanding policy
> make: *** [policy.21] Error 1
>
> The selinux userland components that ship with FC5 are able to  
> build the policy.conf into a binary file without problems.  Is  
> there a newer version of refpolicy that folks are using for  
> development?
>
> Thanks!
>
>  - todd
>
> --
> This message was distributed to subscribers of the selinux mailing  
> list.
> If you no longer wish to subscribe, send mail to  
> majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: current selinux-usr incompatible with refpolicy-20060307?

[Darrel Goeddel]

Todd Miller wrote:
> In trying to build refpolicy-20060307 on an FC5 machine using an  
> selinux userland with the following svn tags: checkpolicy_1_30_11  
> libselinux_1_30_27 libsemanage_1_6_15 libsepol_1_12_26  
> policycoreutils_1_30_28 I get this error:
> 
> /usr/bin/checkpolicy policy.conf -o policy.21
> /usr/bin/checkpolicy:  loading policy configuration from policy.conf
> libsepol.expand_terule_helper: duplicate TE rule for initrc_t  
> insmod_exec_t:process insmod_t
> libsepol.expand_module: Error during expand
> Error while expanding policy
> make: *** [policy.21] Error 1
> 
> The selinux userland components that ship with FC5 are able to build  
> the policy.conf into a binary file without problems.  Is there a  newer 
> version of refpolicy that folks are using for development?

The reference policy used to have a conflicting statement in an optional
block of policy that was not caught due to a bug in the toolchain.  The
patchset is outlined in the following email:

http://marc.theaimsgroup.com/?l=selinux&m=115107448603049&w=2

You can always grab the latest snapshot of the reference policy using svn
as described here:

http://oss.tresys.com/projects/refpolicy/wiki/SubversionCheckout

-- 

Darrel

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.