|
|
|
|
|
|
|
|
|
|
xen-devel
Re: [Xen-devel] [XSM] Can't Build Policies
On 4/8/09 5:55 PM, "Thomas DuBuisson" <thomas.dubuisson@xxxxxxxxx> wrote:
> Using the latest libsepol, libselinux, checkpolicy from [1] (also
> tried [2]), I can't get xen-unstable.hg/tools/flask/policy to build:
>
> Using make:
> ------------------------------
> [tom@Mavlo policy]$ make policy
> cat: /selinux/policyvers: No such file or directory
> Creating xenrefpolicy policy.conf
> m4 -D self_contained_policy -s tmp/pre_te_files.conf
> tmp/generated_definitions.conf tmp/all_interfaces.conf
> tmp/all_attrs_types.conf policy/global_booleans policy/global_tunables
> tmp/only_te_rules.conf tmp/all_post.conf > tmp/policy.conf.tmp
> sed -e /^portcon/d -e /^nodecon/d -e /^netifcon/d <
> tmp/policy.conf.tmp > policy.conf
> Compiling xenrefpolicy policy.20
> /usr/bin/checkpolicy -c 20 policy.conf -o policy.20
> /usr/bin/checkpolicy: loading policy configuration from policy.conf
> tmp/only_te_rules.conf":55:ERROR 'syntax error' at token ':' on line 489:
> ##############################################################################
> ##
> allow dom0_t xen_t:xen {kexec readapic writeapic mtrr_read mtrr_add mtrr_del
> checkpolicy: error(s) encountered while parsing configuration
> make: *** [policy.20] Error 1
> -----------------------------------
>
> Direct checkpolicy call (after fixing that newline on the 'allow') is the
> same:
> ------------------
> [tom@Mavlo policy]$ /usr/bin/checkpolicy -d -c 20 policy.conf -o policy.20
> /usr/bin/checkpolicy: loading policy configuration from policy.conf
> tmp/only_te_rules.conf":55:ERROR 'syntax error' at token 'xen' on line 489:
> ##############################################################################
> ##
> allow dom0_t xen_t xen {kexec readapic writeapic mtrr_read mtrr_add
> mtrr_del scheduler physinfo heap quirk readconsole writeconsole
> settime microcode};
> checkpolicy: error(s) encountered while parsing configuration
> -------------------
I just checked, there doesn't seem to be anything broken in the tree (I can
build and load the sample policy).
It's hard to say what your problem is but I notice in your debug output that
you are missing the colon separator between the types and the class, e.g.
allow dom0_t xen_t: xen {kexec ....}
Please check your edits and try make clean, make policy. You can call
checkpolicy by hand as above but remember that policy.conf is created during
the build process and any changes to the core policy files will not be
reflected in policy.conf unless you rebuild it through the make file.
>
> I no longer remember anything about the syntax of this language -
> could someone else give me a hand?
>
> Thomas
>
> [1] http://userspace.selinuxproject.org/releases/20090403/devel/
> [2] http://userspace.selinuxproject.org/releases/20080909/stable/
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel
--
George S. Coker, II <gscoker@xxxxxxxxxxxxxx>
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
|
|