selinux October 2012 archive
Main Archive Page > Month Archives  > selinux archives
selinux: Question about policy module error message

Question about policy module error message

From: Moyer, Thomas - 0668 - MITLL <thomas.moyer_at_nospam>
Date: Tue Oct 23 2012 - 19:28:16 GMT
To: "selinux@tycho.nsa.gov" <selinux@tycho.nsa.gov>

I am trying to build an SELinux policy module for a piece of software I am
writing. I used sepolgen to create an initial skeleton policy (running on
Red Hat Enterprise Linux 6). I get the following error when I try and
install the policy:

sudo ./interface.sh
Building and Loading Policy
+ make -f /usr/share/selinux/devel/Makefile
make: Nothing to be done for `all'.
+ /usr/sbin/semodule -i interface.pp
libsemanage.semanage_fc_sort: WARNING: semanage_fc_sort: Incomplete context.
libsepol.sepol_context_from_string: malformed context "dnl"
libsepol.sepol_context_from_string: could not construct context from string
libsepol.context_from_string: could not create context structure
libsepol.sepol_context_to_sid: could not convert dnl to sid
invalid context dnl
libsemanage.semanage_install_active: setfiles returned error code 1.
/usr/sbin/semodule: Failed!

Below is the interface.fc file since I think the error might be in there.
/usr/local/bin/interface --
gen_context(system_u:object_r:interface_exec_t,s0)
/usr/local/libexec/interface gen_context(system_u:object_r:usr_t,s0)
/usr/local/libexec/interface/WebApp.jar --
gen_context(system_u:object_r:httpd_sys_content_t,s0)
/usr/local/libexec/interface/keystore --
gen_context(system_u:object_r:interfaceKey_t,s0)
/usr/local/libexec/interface/ui-files(/.*)?
gen_context(system_u:object_r:httpd_sys_content_t,s0)

Not sure how to go about debugging this.

Thanks for the help.

-Tom

-- Thomas Moyer, Technical Staff voice: (781) 981-1374 Cyber Systems Technology Group mobile: (857) 268-0493 MIT Lincoln Laboratory email: thomas.moyer@ll.mit.edu 244 Wood Street Lexington, MA 02420

-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.