Perumal Subramanian
Reputation: 41
Can't compile Debian RefPolicy for SELinux
I am using Debian 6 with SELinux enabled.
Now, I just want to change default policy and make my-policy as a active policy. For that I have downloaded debian's refpolicy and tried to compile it.
It seems rolemap file is not found. But rolemap is defined in Makefile.src.
Also, parsing /tmp/example.tmp file failed at 'introduce()' line:28.
Find output of make at below:
debian:/opt/policy-src/debian# make -f Makefile.src all Compiling default example module echo "ifdef(\`""example""_per_role_template',\`" > tmp/example.mod.role m4
-D distro_debian -D direct_sysadm_daemon -D hide_broken_symptoms -D mls_num_sens=16 -D mls_num_cats=1024 -D mcs_num_cats=1024 -D mandatory_mcs rolemap | gawk '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $3 "; role " $1 ";)\nexample_per_role_template(" $2 "," $3 "," $1 ")" }' >> tmp/example.mod.role echo "')" >> tmp/example.mod.role echo "ifdef(\`""example""_per_userdomain_template',\`" >> tmp/example.mod.role echo "errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""example""_per_userdomain_template)'__endline__)" >> tmp/example.mod.role m4 -D distro_debian -D direct_sysadm_daemon -D hide_broken_symptoms -D mls_num_sens=16 -D mls_num_cats=1024 -D mcs_num_cats=1024 -D mandatory_mcs rolemap | gawk '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $3 "; role " $1 ";)\nexample_per_userdomain_template(" $2 "," $3 "," $1 ")" }' >> tmp/example.mod.role echo "')" >> tmp/example.mod.role m4 -D distro_debian -D direct_sysadm_daemon -D hide_broken_symptoms -D mls_num_sens=16 -D mls_num_cats=1024 -D mcs_num_cats=1024 -D mandatory_mcs -s tmp/all_interfaces.conf example.te tmp/example.mod.role > tmp/example.tmp /usr/bin/checkmodule -m tmp/example.tmp -o tmp/example.mod /usr/bin/checkmodule: loading policy configuration from tmp/example.tmp tmp/all_interfaces.conf":28:ERROR 'Building a policy module, but no module specification found. ' at token 'interface' on line 28: interface(myapp_domtrans,
# /usr/bin/checkmodule: error(s) encountered while parsing configuration make: *** [tmp/example.mod] Error 1
How could I compile this policy?
Upvotes: 1
Views: 432
Answers (1)
admirableadmin
Reputation: 2759
To add your my-policy into the debian's refpolicy you have to work with the refpolicy (original sources) and the debian package (contains the example files).
See how to work with debian sources. Instead of make you should use the Debian build tools.
Step by step:
- Source Package files for Debian 6 selinux-policy-default
- run
dpkg-source -x refpolicy_0.2.20100524-7+squeeze1.dsc - goto "refpolicy-0.2.20100524" directory and make your changes
- build new debian package
dpkg-buildpackage - install new package
dpkg -i ../selinux-policy-default_0.2.20100524-7+squeeze1_all.deb
Upvotes: 0
Related Questions
- Building riscv-gnu-toolchain
- Link error undefined reference to `dgels_' in Lapack
- Could not open kernel policy /etc/selinux/targeted/active/policy.kern for reading
- glibc 2.14 install error selinux.c: error: libaudit.h no such file or directory
- Eiffel compilation through Makefile and `dpkg-buildpackage -us -uc` generating an error
- Segfault from ld-linux in my build of glibc
- How can I makefile with this
- Resolve error while loading shared libraries: libselinux.so.1 in ubuntu 14.04 LTS
- Undefined reference to sem_init and other such functions even though -lpthread and -ltr are used
- No such file found with semaphore.h and ucontext.h