* secilc compiles invalid policy
@ 2020-09-14 18:53 Dominick Grift
0 siblings, 0 replies; only message in thread
From: Dominick Grift @ 2020-09-14 18:53 UTC (permalink / raw)
To: selinux
Reproducer:
git clone git://git.defensec.nl/dssp-openwrt
cd dssp-openwrt
# verify that it builds properly
make
# now break it
echo '(blockinherit .file.auth.obj_base_template)(filecon "/test" file authfile_file_context)' > mod/test.cil
make
# built succeeds but resulting policy is invalid
setfiles -c policy.32 file_contexts
libsepol.context_from_record: type file.auth.obj_base_template.authfile is not defined
libsepol.context_from_record: could not create context structure
libsepol.context_from_string: could not create context structure
libsepol.sepol_context_to_sid: could not convert
u:r:file.auth.obj_base_template.authfile to sid
invalid context u:r:file.auth.obj_base_template.authfile
make: *** [Makefile:22: check.32] Error 255
--
gpg --locate-keys dominick.grift@defensec.nl
Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098
https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098
Dominick Grift
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2020-09-14 18:53 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-14 18:53 secilc compiles invalid policy Dominick Grift
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.