From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from goalie.tycho.ncsc.mil (goalie [144.51.31.250]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id r0LIeumN022058 for ; Mon, 21 Jan 2013 13:40:56 -0500 Received: by mail-wg0-f72.google.com with SMTP id fg15so6838762wgb.3 for ; Mon, 21 Jan 2013 10:40:52 -0800 (PST) From: Hung Truong References: 3086262d0228a121663cb87f5d77a07a@mail.gmail.com In-Reply-To: 3086262d0228a121663cb87f5d77a07a@mail.gmail.com MIME-Version: 1.0 Date: Mon, 21 Jan 2013 13:40:50 -0500 Message-ID: Subject: ERROR 'type staff_java_t is not within scope' at token To: SELinux Content-Type: multipart/alternative; boundary=047d7b3438eaecf3e104d3d0cc19 Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov --047d7b3438eaecf3e104d3d0cc19 Content-Type: text/plain; charset=UTF-8 I have this rule in my policy: gen_require(` type staff_java_t; type cdvoip_sysadmcat_pki_cdvaserver_pem_t; ') allow staff_java_t cdvoip_sysadmcat_pki_cdvaserver_pem_t: file { read open }; and get error 'type staff_java_t is not within scope' when compile it. policy/modules/cdvoip/cdvoip_sysadmcat.te":306:ERROR 'type staff_java_t is not within scope' at token ';' on line 1684769: /usr/bin/checkpolicy: loading policy configuration from policy.conf allow staff_java_t cdvoip_sysadmcat_pki_cdvaserver_pem_t: file { read open }; checkpolicy: error(s) encountered while parsing configuration make: *** [/home/cdvadmin/workspace/cdvoip/rpms/BUILDROOT/selinux-policy-3.7.19-155el6.4.x86_64/etc/selinux/targeted/policy/policy.24] Error 1 Does anyone know why I get this error and how to fix it? BTW, if it does matter, I modified the *.spec file to build a monolithic and strict policy. Many thanks, Hung Truong --047d7b3438eaecf3e104d3d0cc19 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

I have this rule in my policy:

=C2=A0

gen_require(`

=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ty= pe staff_java_t;

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0 type cdvoip_sysadmcat_pki_cdvaserver_pem_t;

')

allow staff_java_t cdvoip_s= ysadmcat_pki_cdvaserver_pem_t: file { read open };

=C2=A0

=C2=A0

and get error 'type staff_java_t is not within scop= e' =C2=A0when compile it.

=C2=A0

=C2=A0

policy/modules/cdvoip/cdvoip_s= ysadmcat.te":306:ERROR 'type staff_java_t is not within scope'= at token ';' on line 1684769:

/usr/bin/checkpolicy:= =C2=A0 loading policy configuration from policy.conf

allow staff_java_t cdvoip_sysadmca= t_pki_cdvaserver_pem_t: file { read open };

=C2=A0

checkpolicy:=C2=A0 error(s)= encountered while parsing configuration

<= span style=3D"color:#1f497d">make: *** [/home/cdvadmin/workspace/cdvoip/rpm= s/BUILDROOT/selinux-policy-3.7.19-155el6.4.x86_64/etc/selinux/targeted/poli= cy/policy.24] Error 1

=C2=A0

=C2=A0

Does anyone know why I get thi= s error and how to fix it?=C2=A0 BTW, if it does matter, I modified the *.s= pec file to build a monolithic and strict policy.

=C2=A0

Many thanks,

Hung Truong

=C2=A0

--047d7b3438eaecf3e104d3d0cc19-- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.