From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from goalie.tycho.ncsc.mil (goalie [144.51.3.250])
	by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id q9NJSLv2017630
	for <selinux@tycho.nsa.gov>; Tue, 23 Oct 2012 15:28:21 -0400
Received: from LLE2K7-HUB02.mitll.ad.local (LLE2K7-HUB02.mitll.ad.local) by mx2.ll.mit.edu (unknown) with ESMTP id q9NJSJL4003232 for <selinux@tycho.nsa.gov>; Tue, 23 Oct 2012 15:28:19 -0400
From: "Moyer, Thomas - 0668 - MITLL" <thomas.moyer@ll.mit.edu>
To: "selinux@tycho.nsa.gov" <selinux@tycho.nsa.gov>
Date: Tue, 23 Oct 2012 15:28:16 -0400
Subject: Question about policy module error message
Message-ID: <CCAC6810.2205%thomas.moyer@ll.mit.edu>
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
	micalg=sha1; boundary="B_3433850896_72386686"
MIME-Version: 1.0
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

--B_3433850896_72386686
Content-type: multipart/alternative;
	boundary="B_3433850896_72355861"


--B_3433850896_72355861
Content-type: text/plain;
	charset="US-ASCII"
Content-transfer-encoding: 7bit

I am trying to build an SELinux policy module for a piece of software I am
writing. I used sepolgen to create an initial skeleton policy (running on
Red Hat Enterprise Linux 6). I get the following error when I try and
install the policy:

sudo ./interface.sh
Building and Loading Policy
+ make -f /usr/share/selinux/devel/Makefile
make: Nothing to be done for `all'.
+ /usr/sbin/semodule -i interface.pp
libsemanage.semanage_fc_sort: WARNING: semanage_fc_sort: Incomplete context.
libsepol.sepol_context_from_string: malformed context "dnl"
libsepol.sepol_context_from_string: could not construct context from string
libsepol.context_from_string: could not create context structure
libsepol.sepol_context_to_sid: could not convert dnl to sid
invalid context dnl
libsemanage.semanage_install_active: setfiles returned error code 1.
/usr/sbin/semodule:  Failed!

Below is the interface.fc file since I think the error might be in there.
/usr/local/bin/interface --
gen_context(system_u:object_r:interface_exec_t,s0)
/usr/local/libexec/interface gen_context(system_u:object_r:usr_t,s0)
/usr/local/libexec/interface/WebApp.jar --
gen_context(system_u:object_r:httpd_sys_content_t,s0)
/usr/local/libexec/interface/keystore --
gen_context(system_u:object_r:interfaceKey_t,s0)
/usr/local/libexec/interface/ui-files(/.*)?
gen_context(system_u:object_r:httpd_sys_content_t,s0)

Not sure how to go about debugging this.

Thanks for the help.

-Tom

-- 
Thomas Moyer, Technical Staff voice: (781) 981-1374
Cyber Systems Technology Group mobile: (857) 268-0493
MIT Lincoln Laboratory email: thomas.moyer@ll.mit.edu
244 Wood Street
Lexington, MA 02420



--B_3433850896_72355861
Content-type: text/html;
	charset="US-ASCII"
Content-transfer-encoding: quoted-printable

<html><head></head><body style=3D"word-wrap: break-word; -webkit-nbsp-mode: s=
pace; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size:=
 14px; font-family: Calibri, sans-serif; "><div><div><div>I am trying to bui=
ld an SELinux policy module for a piece of software I am writing. I used sep=
olgen to create an initial skeleton policy (running on Red Hat Enterprise Li=
nux 6). I get the following error when I try and install the policy:</div><d=
iv><br></div><div><div>sudo ./interface.sh</div><div>Building and Loading Po=
licy</div><div>+ make -f /usr/share/selinux/devel/Makefile</div><div>make: N=
othing to be done for `all'.</div><div>+ /usr/sbin/semodule -i interface.pp<=
/div><div>libsemanage.semanage_fc_sort: WARNING: semanage_fc_sort: Incomplet=
e context.</div><div>libsepol.sepol_context_from_string: malformed context "=
dnl"</div><div>libsepol.sepol_context_from_string: could not construct conte=
xt from string</div><div>libsepol.context_from_string: could not create cont=
ext structure</div><div>libsepol.sepol_context_to_sid: could not convert dnl=
 to sid</div><div>invalid context dnl</div><div>libsemanage.semanage_install=
_active: setfiles returned error code 1.</div><div>/usr/sbin/semodule: &nbsp=
;Failed!</div></div><div><br></div><div>Below is the interface.fc file since=
 I think the error might be in there.</div><div><div>/usr/local/bin/interfac=
e<span class=3D"Apple-tab-span" style=3D"white-space:pre">		</span>--<span class=
=3D"Apple-tab-span" style=3D"white-space:pre">	</span>gen_context(system_u:objec=
t_r:interface_exec_t,s0)</div><div>/usr/local/libexec/interface<span class=3D"=
Apple-tab-span" style=3D"white-space:pre">				</span>gen_context(system_u:obje=
ct_r:usr_t,s0)</div><div>/usr/local/libexec/interface/WebApp.jar<span class=3D=
"Apple-tab-span" style=3D"white-space:pre">	</span>--<span class=3D"Apple-tab-sp=
an" style=3D"white-space:pre">	</span>gen_context(system_u:object_r:httpd_sys_=
content_t,s0)</div><div>/usr/local/libexec/interface/keystore<span class=3D"Ap=
ple-tab-span" style=3D"white-space:pre">	</span>--<span class=3D"Apple-tab-span"=
 style=3D"white-space:pre">	</span>gen_context(system_u:object_r:interfaceKey_=
t,s0)</div><div>/usr/local/libexec/interface/ui-files(/.*)?<span class=3D"Appl=
e-tab-span" style=3D"white-space:pre">		</span>gen_context(system_u:object_r:h=
ttpd_sys_content_t,s0)</div></div><div><br></div><div>Not sure how to go abo=
ut debugging this.</div><div><br></div><div>Thanks for the help.</div><div><=
br></div><div>-Tom</div><div><br></div><div><div><div>--&nbsp;</div><div><di=
v><div>Thomas Moyer, Technical Staff<span class=3D"Apple-tab-span" style=3D"whit=
e-space:pre">		</span>voice: (781) 981-1374</div><div>Cyber Systems Technolo=
gy Group<span class=3D"Apple-tab-span" style=3D"white-space:pre">		</span>mobile=
: (857) 268-0493</div><div>MIT Lincoln Laboratory<span class=3D"Apple-tab-span=
" style=3D"white-space:pre">				</span>email:&nbsp;<a href=3D"mailto:thomas.moye=
r@ll.mit.edu">thomas.moyer@ll.mit.edu</a></div><div>244 Wood Street</div><di=
v>Lexington, MA 02420</div></div></div></div></div></div></div></body></html=
>

--B_3433850896_72355861--

--B_3433850896_72386686
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIIUEgYJKoZIhvcNAQcCoIIUAzCCE/8CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
EfUwggTUMIIDvKADAgECAgpbnpTCAAAAAE9nMA0GCSqGSIb3DQEBCwUAMFExCzAJBgNVBAYT
AlVTMR8wHQYDVQQKExZNSVQgTGluY29sbiBMYWJvcmF0b3J5MQwwCgYDVQQLEwNQS0kxEzAR
BgNVBAMTCk1JVExMIENBLTIwHhcNMTIwODI0MTMzNzMyWhcNMTMwODI0MTMzNzMyWjBhMQsw
CQYDVQQGEwJVUzEfMB0GA1UEChMWTUlUIExpbmNvbG4gTGFib3JhdG9yeTEPMA0GA1UECxMG
UGVvcGxlMSAwHgYDVQQDExdNb3llci5UaG9tYXMuTS41MDAxMjcxNTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAN2kzL21gle2n6FJ68b7s6rhJUZWK4zTnKN9TD7tGS1mLNuD
kO55g8tKHf8g+TM5nK89anV960D+4cwbWK4sbs9pQcrrSlzhQJhsZ4QSqMWsT9Gzq2qucaSw
Tge3LuySmA/8JPbVa3c+sSQNYc6qkbGKg97WYA+CP/CKknN8yS14S2OX1W27GJsTzF4c84Ya
B1qRBAwfBQMFbd51AfZ5j0c6isk0ov8kJkyYrqHKj4qbOG8WjvmSkPA+pXcbwUEnWXJLtCZZ
4+aZIQ2Sv7DE35urlrzYjrY6ENUzDV5dy86oFKjf8nJFiIV6NtYVSkRVOK2e5KqsGpIdcAOp
TJus/y8CAwEAAaOCAZwwggGYMB0GA1UdDgQWBBQVe66M3+xu+px9yukwqwj+SAbDUTAOBgNV
HQ8BAf8EBAMCBsAwHwYDVR0jBBgwFoAUjkp9iaFjFxyBiDRXNyZFXhmKfiQwMwYDVR0fBCww
KjAooCagJIYiaHR0cDovL2NybC5sbC5taXQuZWR1L2dldGNybC9MTENBMjBiBggrBgEFBQcB
AQRWMFQwLQYIKwYBBQUHMAKGIWh0dHA6Ly9jcmwubGwubWl0LmVkdS9nZXR0by9MTENBMjAj
BggrBgEFBQcwAYYXaHR0cDovL29jc3AubGwubWl0LmVkdS8wDAYDVR0TAQH/BAIwADA9Bgkr
BgEEAYI3FQcEMDAuBiYrBgEEAYI3FQiDg+Udh+ynZoathxWD6vBFhbahHx2Fy94yh/+KcwIB
ZAIBBTAiBgNVHSUBAf8EGDAWBggrBgEFBQcDBAYKKwYBBAGCNwoDDDAYBgNVHSAEETAPMA0G
CyqGSIb3EgIBAwEIMCIGA1UdEQQbMBmBF3Rob21hcy5tb3llckBsbC5taXQuZWR1MA0GCSqG
SIb3DQEBCwUAA4IBAQCUlrkm+GfYTCj6nbpoLyXLDymErn/IuDj+nzH2IAWCjSyo4Nbeu4hD
AaXgbMtbweHWdgFSy9KeyricQO1T0LTY+nG7dcl4gP7Vwb7/Yz5/XHYdjynATFgonjWaLmNQ
QtPR5xTccEg+WYEXIUks11te7R21Xcq9xcVRpkEGJH+lCGkmLJBFPHTGqCgM/WwtQEu3T8JO
BbYKmNmdZZ9nvwFrttjG8PEyNIIiWIxoy/WI9DDgfNOVeIjwDUU5GIyaA3Oa2hiRkmyLot8c
IAWZoxCZXs43/ydlPsrU/TUuhwpG+OjOo6n2sd0OaExHv4A1p3nrn/+uH/BCvxHY9oX9GepK
MIIEtzCCA5+gAwIBAgIBFDANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEfMB0GA1UE
ChMWTUlUIExpbmNvbG4gTGFib3JhdG9yeTEMMAoGA1UECxMDUEtJMRYwFAYDVQQDEw1NSVRM
TCBSb290IENBMB4XDTA5MTIxNDEyMDAwMFoXDTE1MTIzMTIzNTk1OVowUTELMAkGA1UEBhMC
VVMxHzAdBgNVBAoTFk1JVCBMaW5jb2xuIExhYm9yYXRvcnkxDDAKBgNVBAsTA1BLSTETMBEG
A1UEAxMKTUlUTEwgQ0EtMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKcEyyNh
SIfsN6AzBwVhZkzo6SdjNGAQ7mA2A8T0kmdCB8MH6jWjVVMwFZwlg9cgjgLKEuEO9KN8K9M8
jgeZEMoinlRfk3YELPC7sEkkzBQkcVpLhEwALue9iHowgSLGmXZpYKmRhfvhvYJ4MNCuIaWp
cK/GaDZCE+U2aTg42kv/zQrH3AoqFX81OF7niwXNnanP1hQRfkMTRrnaEW8DX0TMaG/t9Ry5
xSMrLTNc9DvQtjA5ZcuWnECiUpyDBFWxLr9yx7xgf1/LwgCxcoBeKSBBoWzkQmKAsgMo9Mq1
Fp/nnIqw5FKmgOs7Vy+6e0Dk+cgf+oAV8AK8ZFMQrVE0uH0CAwEAAaOCAZUwggGRMBIGA1Ud
EwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFI5KfYmhYxccgYg0VzcmRV4Zin4kMB8GA1UdIwQY
MBaAFGeqes/0Cqa5crWKoNKd8hDDQ+0pMA4GA1UdDwEB/wQEAwIBhjBhBggrBgEFBQcBAQRV
MFMwLQYIKwYBBQUHMAKGIWh0dHA6Ly9jcmwubGwubWl0LmVkdS9nZXR0bz9MTFJDQTAiBggr
BgEFBQcwAYYWaHR0cDovL29jc3AubGwubWl0LmVkdTAzBgNVHR8ELDAqMCigJqAkhiJodHRw
Oi8vY3JsLmxsLm1pdC5lZHUvZ2V0Y3JsP0xMUkNBMIGSBgNVHSAEgYowgYcwDQYLKoZIhvcS
AgEDAQYwDQYLKoZIhvcSAgEDAQgwDQYLKoZIhvcSAgEDAQcwDQYLKoZIhvcSAgEDAQkwDQYL
KoZIhvcSAgEDAQowDQYLKoZIhvcSAgEDAQswDQYLKoZIhvcSAgEDAQ4wDQYLKoZIhvcSAgED
AQ8wDQYLKoZIhvcSAgEDARAwDQYJKoZIhvcNAQELBQADggEBAIh3BqHQ/XH8C6DCL+eEGroO
zxBcCqTNItmsv4MANaOTodgU2jrjHcGjXlzqhpb8ZxOlkAK3dK09rc6+yACcoK2TzVtDRZXY
xov/SqZRjI3dufU2JatAPxosCyy/1otjl1TKUY47Wvft31vdf5i0XK2DQVEJ+XlqtgBiFTVI
MIfBJwPajrsiz+pgFEYwhhwJxvs8flSi0FLCE77VYLEioP5hxG6zIPeQRxzh1bogbfphWHHt
oiTDkBSZ4UfvGXQTVf7QjhD5yYw10yICtjHmtgbfgBkH5/vvR92NY9RSlNPzZqmGKIia61bJ
CmagRYGyexfedVNF0cJWL4J/cLHhgNYwggODMIICa6ADAgECAgEBMA0GCSqGSIb3DQEBBQUA
MFQxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZNSVQgTGluY29sbiBMYWJvcmF0b3J5MQwwCgYD
VQQLEwNQS0kxFjAUBgNVBAMTDU1JVExMIFJvb3QgQ0EwHhcNMDgwOTIzMTIwMDAwWhcNMjkx
MjMxMjM1OTU5WjBUMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWTUlUIExpbmNvbG4gTGFib3Jh
dG9yeTEMMAoGA1UECxMDUEtJMRYwFAYDVQQDEw1NSVRMTCBSb290IENBMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxU4pF1iyJrL5rYq/XBAKg93kCTATG7Bw0NGFpEJ1A3Xs
r6UIIq9/1VJBOgCwDqrVsAK1lRwy/lkrHzPkobiMr1wzjQ28SR/9sg5kAcmrMqBYbc302qtw
CGKZxdNdhAh2nUOCO10AMpUsCNdpikPY9ukT8lsA+eorM4Q1rc/L0J6AHRptOU7IuDBdZj+t
dNb7gv+GKknr6wj9m2sVGawoaG7AAqhsWvQUM/q4h/H5FpYlwnVAEh2AzhqiG9bwl6uJJIzJ
/8uUWldNkVwz1I5fR/vCaxiLXIW4oUydBuRKTG+ekEoxHGuD73yx5JtsSciS8HQL2oEM8tv+
VAC+albqgwIDAQABo2AwXjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRnqnrP9AqmuXK1
iqDSnfIQw0PtKTAfBgNVHSMEGDAWgBRnqnrP9AqmuXK1iqDSnfIQw0PtKTALBgNVHQ8EBAMC
AYYwDQYJKoZIhvcNAQEFBQADggEBAD4bbQVg0Hh42EpYX4/JPkNS3OUAEWR/YgzZUY1QGi9r
QZ4pfcjU1/TaoNT8Y7Yf0RO+e9NiG9+BDhQH/kQiZOQo9rv9NUb8xDtKCYCad7zEQtVsYsWu
vK2XLw/Ji1m2eBvoOB4RS/5LAWfNws7W+DWt2ayzeTCyrLSrx7ZVgBjzNOm0TPIkbfppdwgx
uo7FZL8ts+M2492Al87d3VasevUS1pprRBEupChmPTt1hjtajkQOpT4BQAzP1lVEYrWzlv+O
/lbP9iujKpYWcfYqQ3FGf37YCvuDeues4xm+nqmyraNsNeI8Gh3XDIwqfzHnLhy4Y80VyqN/
Jj8df3SK9AAwggTXMIIDv6ADAgECAgpbn2n6AAAAAE9oMA0GCSqGSIb3DQEBCwUAMFExCzAJ
BgNVBAYTAlVTMR8wHQYDVQQKExZNSVQgTGluY29sbiBMYWJvcmF0b3J5MQwwCgYDVQQLEwNQ
S0kxEzARBgNVBAMTCk1JVExMIENBLTIwHhcNMTIwODI0MTMzODI3WhcNMTMwODI0MTMzODI3
WjBhMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWTUlUIExpbmNvbG4gTGFib3JhdG9yeTEPMA0G
A1UECxMGUGVvcGxlMSAwHgYDVQQDExdNb3llci5UaG9tYXMuTS41MDAxMjcxNTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAInOjv4PcQYSwcse3b/iU13ufWpydhGF1zKyWx6V
xn7EhTdIiVqRZSWEEhUN54ZZvcNCjJigjNc92nS7/DZ6QzHTDuWlIvgi76xgl8bbK6oCKEv8
0+LBZKd4w3O8G0D3JakwveWWT1jZJXRG0QT6y9Xy4ENiWleon60UAKD5frJtnNu3AH8ElATk
uh5iPyMzvvZ+dthAeVjyOnYiRTI3/z+8nWrY2Yxd5dumg8YuGP4Xg24lhSzxRFluqflWytRy
jOabskU4bjjW9MTMhLXDR5P1UG1ilkCG1CK883No8b4QguQhMTCPv4/3vta3E2V3m1APGCJf
n9GNXaJTi4/369ECAwEAAaOCAZ8wggGbMB0GA1UdDgQWBBQ/lnMko0FQsFkSo7eGshVplcTt
nDAOBgNVHQ8BAf8EBAMCBSAwHwYDVR0jBBgwFoAUjkp9iaFjFxyBiDRXNyZFXhmKfiQwMwYD
VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5sbC5taXQuZWR1L2dldGNybC9MTENBMjBiBggr
BgEFBQcBAQRWMFQwLQYIKwYBBQUHMAKGIWh0dHA6Ly9jcmwubGwubWl0LmVkdS9nZXR0by9M
TENBMjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AubGwubWl0LmVkdS8wDAYDVR0TAQH/BAIw
ADA9BgkrBgEEAYI3FQcEMDAuBiYrBgEEAYI3FQiDg+Udh+ynZoathxWD6vBFhbahHx2F69Bw
g+vtIAIBZAIBBDAlBgNVHSUEHjAcBgRVHSUABggrBgEFBQcDBAYKKwYBBAGCNwoDBDAYBgNV
HSAEETAPMA0GCyqGSIb3EgIBAwEIMCIGA1UdEQQbMBmBF3Rob21hcy5tb3llckBsbC5taXQu
ZWR1MA0GCSqGSIb3DQEBCwUAA4IBAQBwwPS4BoKbBymCVEqjxedOV4E5Fru8DwWklJ3GD7C+
wttuGXTKfy51Jdb2fySXLKSrhXZ0hM4c8gdUpOZN8SShDXFFdHt3pc5k4ZW2JBvkTv3MYDr3
UIJqQMpuKx5S/yZjOgcsIuDHzwa6Wh+YwlEa1eiJJ3KYdqKQiKUht0ogXAJK/UfbUraLTKBr
HYFAzDC5a2bgDjS4yDGfx7M1hWHAXYEqNcXp9MTPhCayleDpFAeBsNdihvFzuQfXJioY3hHl
Tf36w7GE4RMfnEHvrZzVvfZ4kDkN0Eta85cj8Oc/YtYN/j9RaFkZzw+MsygDhUDMPuyBVvdn
P6L1gdK5yCyCMYIB5TCCAeECAQEwXzBRMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWTUlUIExp
bmNvbG4gTGFib3JhdG9yeTEMMAoGA1UECxMDUEtJMRMwEQYDVQQDEwpNSVRMTCBDQS0yAgpb
npTCAAAAAE9nMAkGBSsOAwIaBQCgXTAjBgkqhkiG9w0BCQQxFgQU2ABBFnPUGuLjzPf5dkxq
Ltz5rEMwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTIxMDIz
MTkyODE2WjANBgkqhkiG9w0BAQEFAASCAQAJtt7pY1V9lqtS+j9joq9Eff5aCTAVKVCxF0xK
+uFUa/rTV7D247bV5q+YMUMJ0fHU2UqHufVXrtoJomMQag3YKb2OV2vjUzDNhGspt/XHUqn6
fT7WDEbh813nIxXquvbb951s2dBmbgusOBIrzj9YIpfFFlSbnZ0QqWE2KhJZfNmptWqqmNAG
Ja6+mPV+zAYvxi7v+qmF35G8/arULjiEsR+4/vjBoiXvfCLCwoHARXjI1MMBTjZWgaNs3gj8
ZlLhGVQ3RLNKDy4n7qCat0SQ8h7CM9hA+MBl9oANYfEb793SfgYJbHh/fO999Tzymt7qvjFH
z+RyIvLicXa/Bb5m

--B_3433850896_72386686--

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from goalie.tycho.ncsc.mil (goalie [144.51.3.250])
	by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id q9NJrWFd019057
	for <selinux@tycho.nsa.gov>; Tue, 23 Oct 2012 15:53:32 -0400
Received: by mail-we0-f181.google.com with SMTP id u54so2730265wey.12
        for <selinux@tycho.nsa.gov>; Tue, 23 Oct 2012 12:52:57 -0700 (PDT)
Message-ID: <1351021973.2774.2.camel@d30.localdomain>
Subject: Re: Question about policy module error message
From: Dominick Grift <dominick.grift@gmail.com>
To: "Moyer, Thomas - 0668 - MITLL" <thomas.moyer@ll.mit.edu>
Cc: "selinux@tycho.nsa.gov" <selinux@tycho.nsa.gov>
Date: Tue, 23 Oct 2012 21:52:53 +0200
In-Reply-To: <CCAC6810.2205%thomas.moyer@ll.mit.edu>
References: <CCAC6810.2205%thomas.moyer@ll.mit.edu>
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov



On Tue, 2012-10-23 at 15:28 -0400, Moyer, Thomas - 0668 - MITLL wrote:
> I am trying to build an SELinux policy module for a piece of software
> I am writing. I used sepolgen to create an initial skeleton policy
> (running on Red Hat Enterprise Linux 6). I get the following error
> when I try and install the policy:
> 
> 
> sudo ./interface.sh
> Building and Loading Policy
> + make -f /usr/share/selinux/devel/Makefile
> make: Nothing to be done for `all'.
> + /usr/sbin/semodule -i interface.pp
> libsemanage.semanage_fc_sort: WARNING: semanage_fc_sort: Incomplete
> context.
> libsepol.sepol_context_from_string: malformed context "dnl"
> libsepol.sepol_context_from_string: could not construct context from
> string
> libsepol.context_from_string: could not create context structure
> libsepol.sepol_context_to_sid: could not convert dnl to sid
> invalid context dnl
> libsemanage.semanage_install_active: setfiles returned error code 1.
> /usr/sbin/semodule:  Failed!
> 
> 
> Below is the interface.fc file since I think the error might be in
> there.
> /usr/local/bin/interface --
> gen_context(system_u:object_r:interface_exec_t,s0)
> /usr/local/libexec/interface gen_context(system_u:object_r:usr_t,s0)
> /usr/local/libexec/interface/WebApp.jar --
> gen_context(system_u:object_r:httpd_sys_content_t,s0)
> /usr/local/libexec/interface/keystore --
> gen_context(system_u:object_r:interfaceKey_t,s0)
> /usr/local/libexec/interface/ui-files(/.*)?
> gen_context(system_u:object_r:httpd_sys_content_t,s0)
> 

Maybe "interface" is a keyword. Could you try another name for the sake
of testing?

The .fc contents look OK to me.

Also make sure that the .fc has a newline at the end ( but i do not
think this is what causes this

> Not sure how to go about debugging this.
> 
> 
> Thanks for the help.
> 
> 
> -Tom
> 
> 
> -- 
> Thomas Moyer, Technical Staff voice: (781) 981-1374
> Cyber Systems Technology Group mobile: (857) 268-0493
> MIT Lincoln Laboratory email: thomas.moyer@ll.mit.edu
> 244 Wood Street
> Lexington, MA 02420



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from goalie.tycho.ncsc.mil (goalie [144.51.3.250])
	by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id q9NKUxwb021996
	for <selinux@tycho.nsa.gov>; Tue, 23 Oct 2012 16:30:59 -0400
From: "Moyer, Thomas - 0668 - MITLL" <thomas.moyer@ll.mit.edu>
To: Dominick Grift <dominick.grift@gmail.com>
CC: "selinux@tycho.nsa.gov" <selinux@tycho.nsa.gov>
Date: Tue, 23 Oct 2012 16:30:48 -0400
Subject: Re: Question about policy module error message
Message-ID: <CCAC7590.2211%thomas.moyer@ll.mit.edu>
In-Reply-To: <1351021973.2774.2.camel@d30.localdomain>
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
	micalg=sha1; boundary="B_3433854648_72588631"
MIME-Version: 1.0
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

--B_3433854648_72588631
Content-type: text/plain;
	charset="US-ASCII"
Content-transfer-encoding: 7bit

So it turns out that the name I used it didn't like and the second name I
used (ui-interface) is also didn't like.

When I tried uiInterface, things started working again. I don't know what
the difference is, but maybe someone can enlighten me as to why the
SELinux policy generation tools don't like things with hyphens in the name?

-Tom

-- 
Thomas Moyer, Technical Staff		voice: (781) 981-1374
Cyber Systems Technology Group		mobile: (857) 268-0493
MIT Lincoln Laboratory				email: thomas.moyer@ll.mit.edu
244 Wood Street
Lexington, MA 02420







On 10/23/12 3:52 PM, "Dominick Grift" <dominick.grift@gmail.com> wrote:

>
>
>On Tue, 2012-10-23 at 15:28 -0400, Moyer, Thomas - 0668 - MITLL wrote:
>> I am trying to build an SELinux policy module for a piece of software
>> I am writing. I used sepolgen to create an initial skeleton policy
>> (running on Red Hat Enterprise Linux 6). I get the following error
>> when I try and install the policy:
>> 
>> 
>> sudo ./interface.sh
>> Building and Loading Policy
>> + make -f /usr/share/selinux/devel/Makefile
>> make: Nothing to be done for `all'.
>> + /usr/sbin/semodule -i interface.pp
>> libsemanage.semanage_fc_sort: WARNING: semanage_fc_sort: Incomplete
>> context.
>> libsepol.sepol_context_from_string: malformed context "dnl"
>> libsepol.sepol_context_from_string: could not construct context from
>> string
>> libsepol.context_from_string: could not create context structure
>> libsepol.sepol_context_to_sid: could not convert dnl to sid
>> invalid context dnl
>> libsemanage.semanage_install_active: setfiles returned error code 1.
>> /usr/sbin/semodule:  Failed!
>> 
>> 
>> Below is the interface.fc file since I think the error might be in
>> there.
>> /usr/local/bin/interface --
>> gen_context(system_u:object_r:interface_exec_t,s0)
>> /usr/local/libexec/interface gen_context(system_u:object_r:usr_t,s0)
>> /usr/local/libexec/interface/WebApp.jar --
>> gen_context(system_u:object_r:httpd_sys_content_t,s0)
>> /usr/local/libexec/interface/keystore --
>> gen_context(system_u:object_r:interfaceKey_t,s0)
>> /usr/local/libexec/interface/ui-files(/.*)?
>> gen_context(system_u:object_r:httpd_sys_content_t,s0)
>> 
>
>Maybe "interface" is a keyword. Could you try another name for the sake
>of testing?
>
>The .fc contents look OK to me.
>
>Also make sure that the .fc has a newline at the end ( but i do not
>think this is what causes this
>
>> Not sure how to go about debugging this.
>> 
>> 
>> Thanks for the help.
>> 
>> 
>> -Tom
>> 
>> 
>> -- 
>> Thomas Moyer, Technical Staff voice: (781) 981-1374
>> Cyber Systems Technology Group mobile: (857) 268-0493
>> MIT Lincoln Laboratory email: thomas.moyer@ll.mit.edu
>> 244 Wood Street
>> Lexington, MA 02420
>
>

--B_3433854648_72588631
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIIUEgYJKoZIhvcNAQcCoIIUAzCCE/8CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
EfUwggTUMIIDvKADAgECAgpbnpTCAAAAAE9nMA0GCSqGSIb3DQEBCwUAMFExCzAJBgNVBAYT
AlVTMR8wHQYDVQQKExZNSVQgTGluY29sbiBMYWJvcmF0b3J5MQwwCgYDVQQLEwNQS0kxEzAR
BgNVBAMTCk1JVExMIENBLTIwHhcNMTIwODI0MTMzNzMyWhcNMTMwODI0MTMzNzMyWjBhMQsw
CQYDVQQGEwJVUzEfMB0GA1UEChMWTUlUIExpbmNvbG4gTGFib3JhdG9yeTEPMA0GA1UECxMG
UGVvcGxlMSAwHgYDVQQDExdNb3llci5UaG9tYXMuTS41MDAxMjcxNTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAN2kzL21gle2n6FJ68b7s6rhJUZWK4zTnKN9TD7tGS1mLNuD
kO55g8tKHf8g+TM5nK89anV960D+4cwbWK4sbs9pQcrrSlzhQJhsZ4QSqMWsT9Gzq2qucaSw
Tge3LuySmA/8JPbVa3c+sSQNYc6qkbGKg97WYA+CP/CKknN8yS14S2OX1W27GJsTzF4c84Ya
B1qRBAwfBQMFbd51AfZ5j0c6isk0ov8kJkyYrqHKj4qbOG8WjvmSkPA+pXcbwUEnWXJLtCZZ
4+aZIQ2Sv7DE35urlrzYjrY6ENUzDV5dy86oFKjf8nJFiIV6NtYVSkRVOK2e5KqsGpIdcAOp
TJus/y8CAwEAAaOCAZwwggGYMB0GA1UdDgQWBBQVe66M3+xu+px9yukwqwj+SAbDUTAOBgNV
HQ8BAf8EBAMCBsAwHwYDVR0jBBgwFoAUjkp9iaFjFxyBiDRXNyZFXhmKfiQwMwYDVR0fBCww
KjAooCagJIYiaHR0cDovL2NybC5sbC5taXQuZWR1L2dldGNybC9MTENBMjBiBggrBgEFBQcB
AQRWMFQwLQYIKwYBBQUHMAKGIWh0dHA6Ly9jcmwubGwubWl0LmVkdS9nZXR0by9MTENBMjAj
BggrBgEFBQcwAYYXaHR0cDovL29jc3AubGwubWl0LmVkdS8wDAYDVR0TAQH/BAIwADA9Bgkr
BgEEAYI3FQcEMDAuBiYrBgEEAYI3FQiDg+Udh+ynZoathxWD6vBFhbahHx2Fy94yh/+KcwIB
ZAIBBTAiBgNVHSUBAf8EGDAWBggrBgEFBQcDBAYKKwYBBAGCNwoDDDAYBgNVHSAEETAPMA0G
CyqGSIb3EgIBAwEIMCIGA1UdEQQbMBmBF3Rob21hcy5tb3llckBsbC5taXQuZWR1MA0GCSqG
SIb3DQEBCwUAA4IBAQCUlrkm+GfYTCj6nbpoLyXLDymErn/IuDj+nzH2IAWCjSyo4Nbeu4hD
AaXgbMtbweHWdgFSy9KeyricQO1T0LTY+nG7dcl4gP7Vwb7/Yz5/XHYdjynATFgonjWaLmNQ
QtPR5xTccEg+WYEXIUks11te7R21Xcq9xcVRpkEGJH+lCGkmLJBFPHTGqCgM/WwtQEu3T8JO
BbYKmNmdZZ9nvwFrttjG8PEyNIIiWIxoy/WI9DDgfNOVeIjwDUU5GIyaA3Oa2hiRkmyLot8c
IAWZoxCZXs43/ydlPsrU/TUuhwpG+OjOo6n2sd0OaExHv4A1p3nrn/+uH/BCvxHY9oX9GepK
MIIEtzCCA5+gAwIBAgIBFDANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQGEwJVUzEfMB0GA1UE
ChMWTUlUIExpbmNvbG4gTGFib3JhdG9yeTEMMAoGA1UECxMDUEtJMRYwFAYDVQQDEw1NSVRM
TCBSb290IENBMB4XDTA5MTIxNDEyMDAwMFoXDTE1MTIzMTIzNTk1OVowUTELMAkGA1UEBhMC
VVMxHzAdBgNVBAoTFk1JVCBMaW5jb2xuIExhYm9yYXRvcnkxDDAKBgNVBAsTA1BLSTETMBEG
A1UEAxMKTUlUTEwgQ0EtMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKcEyyNh
SIfsN6AzBwVhZkzo6SdjNGAQ7mA2A8T0kmdCB8MH6jWjVVMwFZwlg9cgjgLKEuEO9KN8K9M8
jgeZEMoinlRfk3YELPC7sEkkzBQkcVpLhEwALue9iHowgSLGmXZpYKmRhfvhvYJ4MNCuIaWp
cK/GaDZCE+U2aTg42kv/zQrH3AoqFX81OF7niwXNnanP1hQRfkMTRrnaEW8DX0TMaG/t9Ry5
xSMrLTNc9DvQtjA5ZcuWnECiUpyDBFWxLr9yx7xgf1/LwgCxcoBeKSBBoWzkQmKAsgMo9Mq1
Fp/nnIqw5FKmgOs7Vy+6e0Dk+cgf+oAV8AK8ZFMQrVE0uH0CAwEAAaOCAZUwggGRMBIGA1Ud
EwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFI5KfYmhYxccgYg0VzcmRV4Zin4kMB8GA1UdIwQY
MBaAFGeqes/0Cqa5crWKoNKd8hDDQ+0pMA4GA1UdDwEB/wQEAwIBhjBhBggrBgEFBQcBAQRV
MFMwLQYIKwYBBQUHMAKGIWh0dHA6Ly9jcmwubGwubWl0LmVkdS9nZXR0bz9MTFJDQTAiBggr
BgEFBQcwAYYWaHR0cDovL29jc3AubGwubWl0LmVkdTAzBgNVHR8ELDAqMCigJqAkhiJodHRw
Oi8vY3JsLmxsLm1pdC5lZHUvZ2V0Y3JsP0xMUkNBMIGSBgNVHSAEgYowgYcwDQYLKoZIhvcS
AgEDAQYwDQYLKoZIhvcSAgEDAQgwDQYLKoZIhvcSAgEDAQcwDQYLKoZIhvcSAgEDAQkwDQYL
KoZIhvcSAgEDAQowDQYLKoZIhvcSAgEDAQswDQYLKoZIhvcSAgEDAQ4wDQYLKoZIhvcSAgED
AQ8wDQYLKoZIhvcSAgEDARAwDQYJKoZIhvcNAQELBQADggEBAIh3BqHQ/XH8C6DCL+eEGroO
zxBcCqTNItmsv4MANaOTodgU2jrjHcGjXlzqhpb8ZxOlkAK3dK09rc6+yACcoK2TzVtDRZXY
xov/SqZRjI3dufU2JatAPxosCyy/1otjl1TKUY47Wvft31vdf5i0XK2DQVEJ+XlqtgBiFTVI
MIfBJwPajrsiz+pgFEYwhhwJxvs8flSi0FLCE77VYLEioP5hxG6zIPeQRxzh1bogbfphWHHt
oiTDkBSZ4UfvGXQTVf7QjhD5yYw10yICtjHmtgbfgBkH5/vvR92NY9RSlNPzZqmGKIia61bJ
CmagRYGyexfedVNF0cJWL4J/cLHhgNYwggODMIICa6ADAgECAgEBMA0GCSqGSIb3DQEBBQUA
MFQxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZNSVQgTGluY29sbiBMYWJvcmF0b3J5MQwwCgYD
VQQLEwNQS0kxFjAUBgNVBAMTDU1JVExMIFJvb3QgQ0EwHhcNMDgwOTIzMTIwMDAwWhcNMjkx
MjMxMjM1OTU5WjBUMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWTUlUIExpbmNvbG4gTGFib3Jh
dG9yeTEMMAoGA1UECxMDUEtJMRYwFAYDVQQDEw1NSVRMTCBSb290IENBMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxU4pF1iyJrL5rYq/XBAKg93kCTATG7Bw0NGFpEJ1A3Xs
r6UIIq9/1VJBOgCwDqrVsAK1lRwy/lkrHzPkobiMr1wzjQ28SR/9sg5kAcmrMqBYbc302qtw
CGKZxdNdhAh2nUOCO10AMpUsCNdpikPY9ukT8lsA+eorM4Q1rc/L0J6AHRptOU7IuDBdZj+t
dNb7gv+GKknr6wj9m2sVGawoaG7AAqhsWvQUM/q4h/H5FpYlwnVAEh2AzhqiG9bwl6uJJIzJ
/8uUWldNkVwz1I5fR/vCaxiLXIW4oUydBuRKTG+ekEoxHGuD73yx5JtsSciS8HQL2oEM8tv+
VAC+albqgwIDAQABo2AwXjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRnqnrP9AqmuXK1
iqDSnfIQw0PtKTAfBgNVHSMEGDAWgBRnqnrP9AqmuXK1iqDSnfIQw0PtKTALBgNVHQ8EBAMC
AYYwDQYJKoZIhvcNAQEFBQADggEBAD4bbQVg0Hh42EpYX4/JPkNS3OUAEWR/YgzZUY1QGi9r
QZ4pfcjU1/TaoNT8Y7Yf0RO+e9NiG9+BDhQH/kQiZOQo9rv9NUb8xDtKCYCad7zEQtVsYsWu
vK2XLw/Ji1m2eBvoOB4RS/5LAWfNws7W+DWt2ayzeTCyrLSrx7ZVgBjzNOm0TPIkbfppdwgx
uo7FZL8ts+M2492Al87d3VasevUS1pprRBEupChmPTt1hjtajkQOpT4BQAzP1lVEYrWzlv+O
/lbP9iujKpYWcfYqQ3FGf37YCvuDeues4xm+nqmyraNsNeI8Gh3XDIwqfzHnLhy4Y80VyqN/
Jj8df3SK9AAwggTXMIIDv6ADAgECAgpbn2n6AAAAAE9oMA0GCSqGSIb3DQEBCwUAMFExCzAJ
BgNVBAYTAlVTMR8wHQYDVQQKExZNSVQgTGluY29sbiBMYWJvcmF0b3J5MQwwCgYDVQQLEwNQ
S0kxEzARBgNVBAMTCk1JVExMIENBLTIwHhcNMTIwODI0MTMzODI3WhcNMTMwODI0MTMzODI3
WjBhMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWTUlUIExpbmNvbG4gTGFib3JhdG9yeTEPMA0G
A1UECxMGUGVvcGxlMSAwHgYDVQQDExdNb3llci5UaG9tYXMuTS41MDAxMjcxNTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAInOjv4PcQYSwcse3b/iU13ufWpydhGF1zKyWx6V
xn7EhTdIiVqRZSWEEhUN54ZZvcNCjJigjNc92nS7/DZ6QzHTDuWlIvgi76xgl8bbK6oCKEv8
0+LBZKd4w3O8G0D3JakwveWWT1jZJXRG0QT6y9Xy4ENiWleon60UAKD5frJtnNu3AH8ElATk
uh5iPyMzvvZ+dthAeVjyOnYiRTI3/z+8nWrY2Yxd5dumg8YuGP4Xg24lhSzxRFluqflWytRy
jOabskU4bjjW9MTMhLXDR5P1UG1ilkCG1CK883No8b4QguQhMTCPv4/3vta3E2V3m1APGCJf
n9GNXaJTi4/369ECAwEAAaOCAZ8wggGbMB0GA1UdDgQWBBQ/lnMko0FQsFkSo7eGshVplcTt
nDAOBgNVHQ8BAf8EBAMCBSAwHwYDVR0jBBgwFoAUjkp9iaFjFxyBiDRXNyZFXhmKfiQwMwYD
VR0fBCwwKjAooCagJIYiaHR0cDovL2NybC5sbC5taXQuZWR1L2dldGNybC9MTENBMjBiBggr
BgEFBQcBAQRWMFQwLQYIKwYBBQUHMAKGIWh0dHA6Ly9jcmwubGwubWl0LmVkdS9nZXR0by9M
TENBMjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3AubGwubWl0LmVkdS8wDAYDVR0TAQH/BAIw
ADA9BgkrBgEEAYI3FQcEMDAuBiYrBgEEAYI3FQiDg+Udh+ynZoathxWD6vBFhbahHx2F69Bw
g+vtIAIBZAIBBDAlBgNVHSUEHjAcBgRVHSUABggrBgEFBQcDBAYKKwYBBAGCNwoDBDAYBgNV
HSAEETAPMA0GCyqGSIb3EgIBAwEIMCIGA1UdEQQbMBmBF3Rob21hcy5tb3llckBsbC5taXQu
ZWR1MA0GCSqGSIb3DQEBCwUAA4IBAQBwwPS4BoKbBymCVEqjxedOV4E5Fru8DwWklJ3GD7C+
wttuGXTKfy51Jdb2fySXLKSrhXZ0hM4c8gdUpOZN8SShDXFFdHt3pc5k4ZW2JBvkTv3MYDr3
UIJqQMpuKx5S/yZjOgcsIuDHzwa6Wh+YwlEa1eiJJ3KYdqKQiKUht0ogXAJK/UfbUraLTKBr
HYFAzDC5a2bgDjS4yDGfx7M1hWHAXYEqNcXp9MTPhCayleDpFAeBsNdihvFzuQfXJioY3hHl
Tf36w7GE4RMfnEHvrZzVvfZ4kDkN0Eta85cj8Oc/YtYN/j9RaFkZzw+MsygDhUDMPuyBVvdn
P6L1gdK5yCyCMYIB5TCCAeECAQEwXzBRMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWTUlUIExp
bmNvbG4gTGFib3JhdG9yeTEMMAoGA1UECxMDUEtJMRMwEQYDVQQDEwpNSVRMTCBDQS0yAgpb
npTCAAAAAE9nMAkGBSsOAwIaBQCgXTAjBgkqhkiG9w0BCQQxFgQU/amujUwJO3LiQx1dop7U
3hzjDAAwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTIxMDIz
MjAzMDQ4WjANBgkqhkiG9w0BAQEFAASCAQDYDaF6+eVzH9Dxu/1FB2PLt8l0TFKVzEtgIREh
HMav5jSCkmx0czO4WQdb309nEaMT4v6EqZvZq4rOh9kT7zDqnZYF2T9DOqxqG5eqOlggeR2U
wewmHIbcT4RZAE0iM8G4ymgirMAlOXh4bYJWgEUNOpz3WrQMG50wBrNWCvt9SXajHqDSfJJm
zsFOorQsXFsSvUUnjg6TujXZrjJ0I7IzjlvHYssNmOQfCTYAjaidSa9+oc15VpkldMd2nnIt
Af/dj80FeiFdnrrZ9gjJRM6agA2xkzxfDiTtAl+buy1UMm4/q83mMHw7UQy4pI7MFYcvPMPf
xuuf5IqMGO5/AVyj

--B_3433854648_72588631--

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from goalie.tycho.ncsc.mil (goalie [144.51.3.250])
	by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id q9NKnFp6023117
	for <selinux@tycho.nsa.gov>; Tue, 23 Oct 2012 16:49:15 -0400
Received: by mail-wg0-f49.google.com with SMTP id gg4so2532826wgb.30
        for <selinux@tycho.nsa.gov>; Tue, 23 Oct 2012 13:49:08 -0700 (PDT)
Message-ID: <1351025344.2774.13.camel@d30.localdomain>
Subject: Re: Question about policy module error message
From: Dominick Grift <dominick.grift@gmail.com>
To: "Moyer, Thomas - 0668 - MITLL" <thomas.moyer@ll.mit.edu>
Cc: "selinux@tycho.nsa.gov" <selinux@tycho.nsa.gov>
Date: Tue, 23 Oct 2012 22:49:04 +0200
In-Reply-To: <CCAC7590.2211%thomas.moyer@ll.mit.edu>
References: <CCAC7590.2211%thomas.moyer@ll.mit.edu>
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov



On Tue, 2012-10-23 at 16:30 -0400, Moyer, Thomas - 0668 - MITLL wrote:
> So it turns out that the name I used it didn't like and the second name I
> used (ui-interface) is also didn't like.
> 
> When I tried uiInterface, things started working again. I don't know what
> the difference is, but maybe someone can enlighten me as to why the
> SELinux policy generation tools don't like things with hyphens in the name?
> 
> -Tom
> 

I suspect that it chokes on "interface". The hyphen might make
ui-interface seem like ui and interface to it or so

interface is used in the m4 macro's (it is a part of what makes selinux
policy modular):

> ##############################
> #
> # In the future interfaces should be in loadable modules
> #
> # interface(name,rules)
> #
> define(`interface',` dnl
> 	ifdef(`$1',`refpolicyerr(`duplicate definition of $1(). Original definition on '$1.) define(`__if_error')',`define(`$1',__line__)') dnl
> 	`define(`$1',` dnl
> 	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
> 	policy_m4_comment(policy_call_depth,begin `$1'(dollarsstar)) dnl
> 	$2
> 	popdef(`policy_call_depth') dnl
> 	policy_m4_comment(policy_call_depth,end `$1'(dollarsstar)) dnl
> 	'')
> ')
> 

So as long as you avoid keywords like (-)?interface(-)?, (-)?template(-)? (and maybe some others) it may work



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from goalie.tycho.ncsc.mil (goalie [144.51.3.250])
	by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id q9ODlq8K023636
	for <selinux@tycho.nsa.gov>; Wed, 24 Oct 2012 09:47:52 -0400
Message-ID: <5087F15E.7080600@redhat.com>
Date: Wed, 24 Oct 2012 09:47:10 -0400
From: Daniel J Walsh <dwalsh@redhat.com>
MIME-Version: 1.0
To: "Moyer, Thomas - 0668 - MITLL" <thomas.moyer@ll.mit.edu>
CC: "selinux@tycho.nsa.gov" <selinux@tycho.nsa.gov>
Subject: Re: Question about policy module error message
References: <CCAC6810.2205%thomas.moyer@ll.mit.edu>
In-Reply-To: <CCAC6810.2205%thomas.moyer@ll.mit.edu>
Content-Type: text/plain; charset=ISO-8859-1
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/23/2012 03:28 PM, Moyer, Thomas - 0668 - MITLL wrote:
> I am trying to build an SELinux policy module for a piece of software I am 
> writing. I used sepolgen to create an initial skeleton policy (running on
> Red Hat Enterprise Linux 6). I get the following error when I try and
> install the policy:
> 
> sudo ./interface.sh Building and Loading Policy + make -f
> /usr/share/selinux/devel/Makefile make: Nothing to be done for `all'. +
> /usr/sbin/semodule -i interface.pp libsemanage.semanage_fc_sort: WARNING:
> semanage_fc_sort: Incomplete context. libsepol.sepol_context_from_string:
> malformed context "dnl" libsepol.sepol_context_from_string: could not
> construct context from string libsepol.context_from_string: could not
> create context structure libsepol.sepol_context_to_sid: could not convert
> dnl to sid invalid context dnl libsemanage.semanage_install_active:
> setfiles returned error code 1. /usr/sbin/semodule:  Failed!
> 
> Below is the interface.fc file since I think the error might be in there. 
> /usr/local/bin/interface--gen_context(system_u:object_r:interface_exec_t,s0)
>
> 
/usr/local/libexec/interfacegen_context(system_u:object_r:usr_t,s0)
> /usr/local/libexec/interface/WebApp.jar--gen_context(system_u:object_r:httpd_sys_content_t,s0)
>
> 
/usr/local/libexec/interface/keystore--gen_context(system_u:object_r:interfaceKey_t,s0)
> /usr/local/libexec/interface/ui-files(/.*)?gen_context(system_u:object_r:httpd_sys_content_t,s0)
>
>  Not sure how to go about debugging this.
> 
> Thanks for the help.
> 
> -Tom
> 
> -- Thomas Moyer, Technical Staffvoice: (781) 981-1374 Cyber Systems
> Technology Groupmobile: (857) 268-0493 MIT Lincoln Laboratoryemail:
> thomas.moyer@ll.mit.edu <mailto:thomas.moyer@ll.mit.edu> 244 Wood Street 
> Lexington, MA 02420

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlCH8V4ACgkQrlYvE4MpobPDWACg5xFkTK7zVH8iGcFiJlhNhL+g
gAMAmgIWUxhqjNqWPofHJPggPrA5u0mI
=DjZp
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from goalie.tycho.ncsc.mil (goalie [144.51.3.250])
	by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id q9ODm9EE023664
	for <selinux@tycho.nsa.gov>; Wed, 24 Oct 2012 09:48:09 -0400
Message-ID: <5087ED62.5050605@redhat.com>
Date: Wed, 24 Oct 2012 09:30:10 -0400
From: Daniel J Walsh <dwalsh@redhat.com>
MIME-Version: 1.0
To: "Moyer, Thomas - 0668 - MITLL" <thomas.moyer@ll.mit.edu>
CC: "selinux@tycho.nsa.gov" <selinux@tycho.nsa.gov>
Subject: Re: Question about policy module error message
References: <CCAC6810.2205%thomas.moyer@ll.mit.edu>
In-Reply-To: <CCAC6810.2205%thomas.moyer@ll.mit.edu>
Content-Type: text/plain; charset=ISO-8859-1
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/23/2012 03:28 PM, Moyer, Thomas - 0668 - MITLL wrote:
> I am trying to build an SELinux policy module for a piece of software I am 
> writing. I used sepolgen to create an initial skeleton policy (running on
> Red Hat Enterprise Linux 6). I get the following error when I try and
> install the policy:
> 
> sudo ./interface.sh Building and Loading Policy + make -f
> /usr/share/selinux/devel/Makefile make: Nothing to be done for `all'. +
> /usr/sbin/semodule -i interface.pp libsemanage.semanage_fc_sort: WARNING:
> semanage_fc_sort: Incomplete context. libsepol.sepol_context_from_string:
> malformed context "dnl" libsepol.sepol_context_from_string: could not
> construct context from string libsepol.context_from_string: could not
> create context structure libsepol.sepol_context_to_sid: could not convert
> dnl to sid invalid context dnl libsemanage.semanage_install_active:
> setfiles returned error code 1. /usr/sbin/semodule:  Failed!
> 
> Below is the interface.fc file since I think the error might be in there. 
> /usr/local/bin/interface--gen_context(system_u:object_r:interface_exec_t,s0)
>
> 
/usr/local/libexec/interfacegen_context(system_u:object_r:usr_t,s0)
> /usr/local/libexec/interface/WebApp.jar--gen_context(system_u:object_r:httpd_sys_content_t,s0)
>
> 
/usr/local/libexec/interface/keystore--gen_context(system_u:object_r:interfaceKey_t,s0)
> /usr/local/libexec/interface/ui-files(/.*)?gen_context(system_u:object_r:httpd_sys_content_t,s0)
>
>  Not sure how to go about debugging this.
> 
> Thanks for the help.
> 
> -Tom
> 
> -- Thomas Moyer, Technical Staffvoice: (781) 981-1374 Cyber Systems
> Technology Groupmobile: (857) 268-0493 MIT Lincoln Laboratoryemail:
> thomas.moyer@ll.mit.edu <mailto:thomas.moyer@ll.mit.edu> 244 Wood Street 
> Lexington, MA 02420
Can you attach all the files  libsemanage seems to be complaining about dnl,
but not sure if that is really in one of your files.  Also defining context
for usr_t,  and httpd_sys_content_t should not be required or should be pushed
to the base httpd package.

- From looking at the file context layout it looks like your app should be
cleaned up to put content into better directories.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlCH7WIACgkQrlYvE4MpobMNAgCguTt/8z+zEyTNx9nlFAA7EBgP
9aAAn1gWyEgUoP4yB06o3dan+GjvniJp
=3avV
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from goalie.tycho.ncsc.mil (goalie [144.51.3.250])
	by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id q9OG6j6O001579
	for <selinux@tycho.nsa.gov>; Wed, 24 Oct 2012 12:06:45 -0400
Message-ID: <508811E8.4090704@tresys.com>
Date: Wed, 24 Oct 2012 12:06:00 -0400
From: "Christopher J. PeBenito" <cpebenito@tresys.com>
MIME-Version: 1.0
To: Dominick Grift <dominick.grift@gmail.com>
CC: "Moyer, Thomas - 0668 - MITLL" <thomas.moyer@ll.mit.edu>,
        "selinux@tycho.nsa.gov" <selinux@tycho.nsa.gov>
Subject: Re: Question about policy module error message
References: <CCAC7590.2211%thomas.moyer@ll.mit.edu> <1351025344.2774.13.camel@d30.localdomain>
In-Reply-To: <1351025344.2774.13.camel@d30.localdomain>
Content-Type: text/plain; charset="ISO-8859-1"
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

On 10/23/12 16:49, Dominick Grift wrote:
> 
> 
> On Tue, 2012-10-23 at 16:30 -0400, Moyer, Thomas - 0668 - MITLL wrote:
>> So it turns out that the name I used it didn't like and the second name I
>> used (ui-interface) is also didn't like.
>>
>> When I tried uiInterface, things started working again. I don't know what
>> the difference is, but maybe someone can enlighten me as to why the
>> SELinux policy generation tools don't like things with hyphens in the name?
>>
>> -Tom
>>
> 
> I suspect that it chokes on "interface". The hyphen might make
> ui-interface seem like ui and interface to it or so
> 
> interface is used in the m4 macro's (it is a part of what makes selinux
> policy modular):
> 
>> ##############################
>> #
>> # In the future interfaces should be in loadable modules
>> #
>> # interface(name,rules)
>> #
>> define(`interface',` dnl
>> 	ifdef(`$1',`refpolicyerr(`duplicate definition of $1(). Original definition on '$1.) define(`__if_error')',`define(`$1',__line__)') dnl
>> 	`define(`$1',` dnl
>> 	pushdef(`policy_call_depth',incr(policy_call_depth)) dnl
>> 	policy_m4_comment(policy_call_depth,begin `$1'(dollarsstar)) dnl
>> 	$2
>> 	popdef(`policy_call_depth') dnl
>> 	policy_m4_comment(policy_call_depth,end `$1'(dollarsstar)) dnl
>> 	'')
>> ')
>>
> 
> So as long as you avoid keywords like (-)?interface(-)?, (-)?template(-)? (and maybe some others) it may work

I'll see what I can do to fix this situation.  I think we should be able to adjust the refpolicy infrastructure to not have these keyword problems since the only macro we really need for processing .fc files is gen_context().

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.