[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [XSM] Can't Build Policies
Oops, right you are on the colon, but it still doesn't work correctly (even updated, cleaned, rebuilt) which I'm guessing is something to do with a broken checkpolicy install if it works for you. I'll explore that. -------------------- [tom@Mavlo policy]$ /usr/bin/checkpolicy -d -c 20 policy.conf -o policy.20 /usr/bin/checkpolicy: loading policy configuration from policy.conf tmp/only_te_rules.conf":55:ERROR 'syntax error' at token ':' on line 491: ################################################################################ allow dom0_t xen_t:xen {kexec readapic writeapic mtrr_read mtrr_add mtrr_del scheduler physinfo heap quirk readconsole writeconsole settime microcode}; checkpolicy: error(s) encountered while parsing configuration -------------------- Thomas On Thu, Apr 9, 2009 at 6:46 AM, George S. Coker, II <gscoker@xxxxxxxxxxxxxx> wrote: > > > > On 4/8/09 5:55 PM, "Thomas DuBuisson" <thomas.dubuisson@xxxxxxxxx> wrote: > >> Using the latest libsepol, libselinux, checkpolicy from [1] (also >> tried [2]), I can't get xen-unstable.hg/tools/flask/policy to build: >> >> Using make: >> ------------------------------ >> [tom@Mavlo policy]$ make policy >> cat: /selinux/policyvers: No such file or directory >> Creating xenrefpolicy policy.conf >> m4 -D self_contained_policy -s tmp/pre_te_files.conf >> tmp/generated_definitions.conf tmp/all_interfaces.conf >> tmp/all_attrs_types.conf policy/global_booleans policy/global_tunables >> tmp/only_te_rules.conf tmp/all_post.conf > tmp/policy.conf.tmp >> sed -e /^portcon/d -e /^nodecon/d -e /^netifcon/d < >> tmp/policy.conf.tmp > policy.conf >> Compiling xenrefpolicy policy.20 >> /usr/bin/checkpolicy -c 20 policy.conf -o policy.20 >> /usr/bin/checkpolicy: loading policy configuration from policy.conf >> tmp/only_te_rules.conf":55:ERROR 'syntax error' at token ':' on line 489: >> ############################################################################## >> ## >> allow dom0_t xen_t:xen {kexec readapic writeapic mtrr_read mtrr_add mtrr_del >> checkpolicy: error(s) encountered while parsing configuration >> make: *** [policy.20] Error 1 >> ----------------------------------- >> >> Direct checkpolicy call (after fixing that newline on the 'allow') is the >> same: >> ------------------ >> [tom@Mavlo policy]$ /usr/bin/checkpolicy -d -c 20 policy.conf -o policy.20 >> /usr/bin/checkpolicy: loading policy configuration from policy.conf >> tmp/only_te_rules.conf":55:ERROR 'syntax error' at token 'xen' on line 489: >> ############################################################################## >> ## >> allow dom0_t xen_t xen {kexec readapic writeapic mtrr_read mtrr_add >> mtrr_del scheduler physinfo heap quirk readconsole writeconsole >> settime microcode}; >> checkpolicy: error(s) encountered while parsing configuration >> ------------------- > > I just checked, there doesn't seem to be anything broken in the tree (I can > build and load the sample policy). > > It's hard to say what your problem is but I notice in your debug output that > you are missing the colon separator between the types and the class, e.g. > > allow dom0_t xen_t: xen {kexec ....} > > Please check your edits and try make clean, make policy. You can call > checkpolicy by hand as above but remember that policy.conf is created during > the build process and any changes to the core policy files will not be > reflected in policy.conf unless you rebuild it through the make file. > > >> >> I no longer remember anything about the syntax of this language - >> could someone else give me a hand? >> >> Thomas >> >> [1] http://userspace.selinuxproject.org/releases/20090403/devel/ >> [2] http://userspace.selinuxproject.org/releases/20080909/stable/ >> >> _______________________________________________ >> Xen-devel mailing list >> Xen-devel@xxxxxxxxxxxxxxxxxxx >> http://lists.xensource.com/xen-devel > > -- > George S. Coker, II <gscoker@xxxxxxxxxxxxxx> > > > _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |