
Re: [Xen-devel] [XSM] Can't Build Policies


  • To: "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
  • From: Thomas DuBuisson <thomas.dubuisson@xxxxxxxxx>
  • Date: Thu, 9 Apr 2009 11:04:16 -0700
  • Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Thu, 09 Apr 2009 11:04:48 -0700
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Oops, right you are on the colon, but it still doesn't work correctly
(even updated, cleaned, rebuilt) which I'm guessing is something to do
with a broken checkpolicy install if it works for you.  I'll explore
that.

--------------------
[tom@Mavlo policy]$ /usr/bin/checkpolicy -d -c 20 policy.conf -o policy.20
/usr/bin/checkpolicy:  loading policy configuration from policy.conf
tmp/only_te_rules.conf":55:ERROR 'syntax error' at token ':' on line 491:
################################################################################
allow dom0_t xen_t:xen {kexec readapic writeapic mtrr_read mtrr_add
mtrr_del scheduler physinfo heap quirk readconsole writeconsole
settime microcode};
checkpolicy:  error(s) encountered while parsing configuration
--------------------

Thomas

On Thu, Apr 9, 2009 at 6:46 AM, George S. Coker, II
<gscoker@xxxxxxxxxxxxxx> wrote:
>
>
>
> On 4/8/09 5:55 PM, "Thomas DuBuisson" <thomas.dubuisson@xxxxxxxxx> wrote:
>
>> Using the latest libsepol, libselinux, checkpolicy from [1] (also
>> tried [2]), I can't get xen-unstable.hg/tools/flask/policy to build:
>>
>> Using make:
>> ------------------------------
>> [tom@Mavlo policy]$ make policy
>> cat: /selinux/policyvers: No such file or directory
>> Creating xenrefpolicy policy.conf
>> m4 -D self_contained_policy  -s tmp/pre_te_files.conf
>> tmp/generated_definitions.conf tmp/all_interfaces.conf
>> tmp/all_attrs_types.conf policy/global_booleans policy/global_tunables
>> tmp/only_te_rules.conf tmp/all_post.conf > tmp/policy.conf.tmp
>> sed -e /^portcon/d -e /^nodecon/d -e /^netifcon/d <
>> tmp/policy.conf.tmp > policy.conf
>> Compiling xenrefpolicy policy.20
>> /usr/bin/checkpolicy -c 20 policy.conf -o policy.20
>> /usr/bin/checkpolicy:  loading policy configuration from policy.conf
>> tmp/only_te_rules.conf":55:ERROR 'syntax error' at token ':' on line 489:
>> ##############################################################################
>> ##
>> allow dom0_t xen_t:xen {kexec readapic writeapic mtrr_read mtrr_add mtrr_del
>> checkpolicy:  error(s) encountered while parsing configuration
>> make: *** [policy.20] Error 1
>> -----------------------------------
>>
>> Direct checkpolicy call (after fixing that newline on the 'allow') is the
>> same:
>> ------------------
>> [tom@Mavlo policy]$ /usr/bin/checkpolicy -d -c 20 policy.conf -o policy.20
>> /usr/bin/checkpolicy:  loading policy configuration from policy.conf
>> tmp/only_te_rules.conf":55:ERROR 'syntax error' at token 'xen' on line 489:
>> ##############################################################################
>> ##
>> allow dom0_t xen_t xen {kexec readapic writeapic mtrr_read mtrr_add
>> mtrr_del scheduler physinfo heap quirk readconsole writeconsole
>> settime microcode};
>> checkpolicy:  error(s) encountered while parsing configuration
>> -------------------
>
> I just checked, there doesn't seem to be anything broken in the tree (I can
> build and load the sample policy).
>
> It's hard to say what your problem is but I notice in your debug output that
> you are missing the colon separator between the types and the class, e.g.
>
>    allow dom0_t xen_t: xen {kexec ....}
>
> Please check your edits and try make clean, make policy.  You can call
> checkpolicy by hand as above but remember that policy.conf is created during
> the build process and any changes to the core policy files will not be
> reflected in policy.conf unless you rebuild it through the make file.
>
>
>>
>> I no longer remember anything about the syntax of this language -
>> could someone else give me a hand?
>>
>> Thomas
>>
>> [1] http://userspace.selinuxproject.org/releases/20090403/devel/
>> [2] http://userspace.selinuxproject.org/releases/20080909/stable/
>>
>> _______________________________________________
>> Xen-devel mailing list
>> Xen-devel@xxxxxxxxxxxxxxxxxxx
>> http://lists.xensource.com/xen-devel
>
> --
> George S. Coker, II <gscoker@xxxxxxxxxxxxxx>
>
>
>
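The colon separator George points to can be checked mechanically in the generated policy.conf before running checkpolicy. The following is an added example, not part of the thread or of the Xen or checkpolicy code; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample modelled on the rules quoted in the thread; not the real policy.conf.
SAMPLE = """\
# constructed sample
allow dom0_t xen_t:xen {kexec readapic writeapic mtrr_read mtrr_add
mtrr_del scheduler physinfo heap quirk readconsole writeconsole
settime microcode};
allow dom0_t xen_t xen {kexec readapic};
allow dom0_t domU_t : domain { create pause };
"""

RULE_START = re.compile(r"^(allow|auditallow|dontaudit|neverallow)\b")
# A brace group (optionally complemented with ~) is one token; ':' and ';' stand alone.
TOKEN = re.compile(r"~?\{[^{}]*\}|[^\s{}:;]+|[:;]")

def check_rule(stmt):
    """Return a problem description for one joined rule, or None if its shape is valid."""
    toks = TOKEN.findall(stmt)
    if len(toks) == 4 and toks[-1] == ";":
        return None                           # role allow: "allow r1 r2;"
    if len(toks) > 3 and toks[3] != ":":
        return f"expected ':' after target {toks[2]!r}, found {toks[3]!r}"
    if len(toks) != 7 or toks[-1] != ";":
        return "expected: <keyword> <source> <target> : <class> <perms> ;"
    return None

def lint(text):
    """Return [(first_line, problem)] for access-vector rules in policy text."""
    findings, buf, start = [], [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if start is None:
            if not RULE_START.match(line):
                continue                      # not inside a rule: ignore other statements
            start = lineno
        buf.append(line)
        if line.endswith(";"):                # rules may span several lines, as in the thread
            problem = check_rule(" ".join(buf))
            if problem:
                findings.append((start, problem))
            buf, start = [], None
    return findings

if __name__ == "__main__":
    for lineno, problem in lint(SAMPLE):
        print(f"line {lineno}: {problem}")
```

A clean result only rules out this one separator mistake; as the newer message in the thread shows, checkpolicy can still reject a rule whose colon is present.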
