From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <46A4C2A6.80605@mentalrootkit.com> Date: Mon, 23 Jul 2007 11:00:54 -0400 From: Karl MacMillan MIME-Version: 1.0 To: Daniel J Walsh CC: Stephen Smalley , Karl MacMillan , Joshua Brindle , SE Linux Subject: Re: There is a bug in checkmodule that is driving me nuts References: <46A11983.5090405@redhat.com> <1184970504.14677.6.camel@localhost.localdomain> <1185201029.1998.19.camel@moss-spartans.epoch.ncsc.mil> <46A4BD5F.6070408@redhat.com> In-Reply-To: <46A4BD5F.6070408@redhat.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov Daniel J Walsh wrote: > Stephen Smalley wrote: >> On Fri, 2007-07-20 at 18:28 -0400, Karl MacMillan wrote: >> >>> On Fri, 2007-07-20 at 16:22 -0400, Daniel J Walsh wrote: >>> >>>> The compiler is mistakenly seeing a >>>> >>>> gen_requires { >>>> type xguest_gnome_home_t; >>>> } >>>> >>>> As a redefinition of the type >>>> >>>> /usr/bin/checkmodule -M -m guest.tmp -o >>>> guest.mod/usr/bin/checkmodule: loading policy configuration from >>>> guest.tmp >>>> policy/modules/users/guest.te:4:ERROR 'duplicate declaration of >>>> type/attribute' at token ';' on line 55020: >>>> type xguest_gnome_home_t; >>>> #line 4 >>>> /usr/bin/checkmodule: error(s) encountered while parsing >>>> configuration >>>> >>>> The problem is the gen_requires happens before the declaration. >>>> >>>> The type is being declared in a template file. >>>> >>> For better or discarding of requires upon hitting a declaration isn't >>> like to be fixed (when the require is first). >>> >> >> How hard is it to escalate a requires to a decl? >> Already happens for users and roles, right? >> >> >>> I have an alternative suggestion - remove all of the requires from the >>> policy and use an sepolgen-based pre-processor to add them back in >>> until >>> the policyrep work is done. That will ease the migration and can be >>> done >>> far more easily than fixing the current compiler. >>> >>> Karl >>> >>> >>> -- >>> This message was distributed to subscribers of the selinux mailing >>> list. >>> If you no longer wish to subscribe, send mail to >>> majordomo@tycho.nsa.gov with >>> the words "unsubscribe selinux" without quotes as the message. >>> > If we resorted Templates before Interfaces, would this problem go away? > Potentially - requires after declarations works fine (the requires is just ignored). The other way around is what is more trouble. Karl > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to > majordomo@tycho.nsa.gov with > the words "unsubscribe selinux" without quotes as the message. -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.