[Xen-devel] [XSM] Can't Build Policies

To:	xen-devel@xxxxxxxxxxxxxxxxxxx
Subject:	[Xen-devel] [XSM] Can't Build Policies
From:	Thomas DuBuisson <thomas.dubuisson@xxxxxxxxx>
Date:	Wed, 8 Apr 2009 14:55:10 -0700
Delivery-date:	Wed, 08 Apr 2009 14:55:41 -0700
Dkim-signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type:content-transfer-encoding; bh=Stanu/LT0k1X7EB9q/bU4Of8iI+qo1DggjsmE3RrisE=; b=XKvTDJASUHewe0ZViDwUX0lYcgGZsACnKDE47TiL5zLPGAdKR+2iusFZ3M/PqBv50P L35jmtdkicVgttXqCJbuyN2EUFXA3ntYS//lQhVIpQ3ZCPMHmcQsGJ4K5VntwvbDQHR9 2ZJijSOunNiV7to+5tso2gYG0c7mp1BKS3a6s=
Domainkey-signature:	a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; b=obbPR33pUwY/wf/xEFqFRMAWD7Qs8nPCcgB8kWtKWk0fZkiP/4wA3zLFKRCo/vAJDK 2uAjzdECVyBPqEQE10lAiVE4FH0+AUButYVQa/vZh+Eup42YA2kvpntL+1yAHjJsdU3n JVlMPknbaYPl2O8c7Y1UBZZAuYAb6bI+IxlPQ=
Envelope-to:	www-data@xxxxxxxxxxxxxxxxxxx
List-help:	<mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id:	Xen developer discussion <xen-devel.lists.xensource.com>
List-post:	<mailto:xen-devel@lists.xensource.com>
List-subscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe:	<http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender:	xen-devel-bounces@xxxxxxxxxxxxxxxxxxx

Using the latest libsepol, libselinux, checkpolicy from [1] (also
tried [2]), I can't get xen-unstable.hg/tools/flask/policy to build:

Using make:
------------------------------
[tom@Mavlo policy]$ make policy
cat: /selinux/policyvers: No such file or directory
Creating xenrefpolicy policy.conf
m4 -D self_contained_policy  -s tmp/pre_te_files.conf
tmp/generated_definitions.conf tmp/all_interfaces.conf
tmp/all_attrs_types.conf policy/global_booleans policy/global_tunables
tmp/only_te_rules.conf tmp/all_post.conf > tmp/policy.conf.tmp
sed -e /^portcon/d -e /^nodecon/d -e /^netifcon/d <
tmp/policy.conf.tmp > policy.conf
Compiling xenrefpolicy policy.20
/usr/bin/checkpolicy -c 20 policy.conf -o policy.20
/usr/bin/checkpolicy:  loading policy configuration from policy.conf
tmp/only_te_rules.conf":55:ERROR 'syntax error' at token ':' on line 489:
################################################################################
allow dom0_t xen_t:xen {kexec readapic writeapic mtrr_read mtrr_add mtrr_del
checkpolicy:  error(s) encountered while parsing configuration
make: *** [policy.20] Error 1
-----------------------------------

Direct checkpolicy call (after fixing that newline on the 'allow') is the same:
------------------
[tom@Mavlo policy]$ /usr/bin/checkpolicy -d -c 20 policy.conf -o policy.20
/usr/bin/checkpolicy:  loading policy configuration from policy.conf
tmp/only_te_rules.conf":55:ERROR 'syntax error' at token 'xen' on line 489:
################################################################################
allow dom0_t xen_t xen {kexec readapic writeapic mtrr_read mtrr_add
mtrr_del scheduler physinfo heap quirk readconsole writeconsole
settime microcode};
checkpolicy:  error(s) encountered while parsing configuration
-------------------

I no longer remember anything about the syntax of this language -
could someone else give me a hand?

Thomas

[1] http://userspace.selinuxproject.org/releases/20090403/devel/
[2] http://userspace.selinuxproject.org/releases/20080909/stable/

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

WARNING - OLD ARCHIVES

xen-devel

[Xen-devel] [XSM] Can't Build Policies