WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] [XSM] Can't Build Policies

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] [XSM] Can't Build Policies
From: Thomas DuBuisson <thomas.dubuisson@xxxxxxxxx>
Date: Wed, 8 Apr 2009 14:55:10 -0700
Delivery-date: Wed, 08 Apr 2009 14:55:41 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type:content-transfer-encoding; bh=Stanu/LT0k1X7EB9q/bU4Of8iI+qo1DggjsmE3RrisE=; b=XKvTDJASUHewe0ZViDwUX0lYcgGZsACnKDE47TiL5zLPGAdKR+2iusFZ3M/PqBv50P L35jmtdkicVgttXqCJbuyN2EUFXA3ntYS//lQhVIpQ3ZCPMHmcQsGJ4K5VntwvbDQHR9 2ZJijSOunNiV7to+5tso2gYG0c7mp1BKS3a6s=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; b=obbPR33pUwY/wf/xEFqFRMAWD7Qs8nPCcgB8kWtKWk0fZkiP/4wA3zLFKRCo/vAJDK 2uAjzdECVyBPqEQE10lAiVE4FH0+AUButYVQa/vZh+Eup42YA2kvpntL+1yAHjJsdU3n JVlMPknbaYPl2O8c7Y1UBZZAuYAb6bI+IxlPQ=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Using the latest libsepol, libselinux, checkpolicy from [1] (also
tried [2]), I can't get xen-unstable.hg/tools/flask/policy to build:

Using make:
------------------------------
[tom@Mavlo policy]$ make policy
cat: /selinux/policyvers: No such file or directory
Creating xenrefpolicy policy.conf
m4 -D self_contained_policy  -s tmp/pre_te_files.conf
tmp/generated_definitions.conf tmp/all_interfaces.conf
tmp/all_attrs_types.conf policy/global_booleans policy/global_tunables
tmp/only_te_rules.conf tmp/all_post.conf > tmp/policy.conf.tmp
sed -e /^portcon/d -e /^nodecon/d -e /^netifcon/d <
tmp/policy.conf.tmp > policy.conf
Compiling xenrefpolicy policy.20
/usr/bin/checkpolicy -c 20 policy.conf -o policy.20
/usr/bin/checkpolicy:  loading policy configuration from policy.conf
tmp/only_te_rules.conf":55:ERROR 'syntax error' at token ':' on line 489:
################################################################################
allow dom0_t xen_t:xen {kexec readapic writeapic mtrr_read mtrr_add mtrr_del
checkpolicy:  error(s) encountered while parsing configuration
make: *** [policy.20] Error 1
-----------------------------------

Direct checkpolicy call (after fixing that newline on the 'allow') is the same:
------------------
[tom@Mavlo policy]$ /usr/bin/checkpolicy -d -c 20 policy.conf -o policy.20
/usr/bin/checkpolicy:  loading policy configuration from policy.conf
tmp/only_te_rules.conf":55:ERROR 'syntax error' at token 'xen' on line 489:
################################################################################
allow dom0_t xen_t xen {kexec readapic writeapic mtrr_read mtrr_add
mtrr_del scheduler physinfo heap quirk readconsole writeconsole
settime microcode};
checkpolicy:  error(s) encountered while parsing configuration
-------------------

I no longer remember anything about the syntax of this language -
could someone else give me a hand?

Thomas

[1] http://userspace.selinuxproject.org/releases/20090403/devel/
[2] http://userspace.selinuxproject.org/releases/20080909/stable/

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread] Current Thread [Next in Thread>