* rangetransition in cil fails and doesn't produce explanatory output
@ 2020-02-03 12:21 Denis Obrezkov
From: Denis Obrezkov @ 2020-02-03 12:21 UTC (permalink / raw)
  To: selinux

Hello,

I am trying to make rangetransition work, this is my cil file:
(type foo)
(type bar)
(allow foo bar (file (ioctl read write create getattr setattr lock
relabelfrom relabelto append unlink link rename execute swapon quotaon
mounton)))
(rangetransition foo bar process s0)

Now, I am trying to install it:
semodule -i lximage.cil

Failed to resolve rangetransition statement at
/var/lib/selinux/refpolicy_mcs/tmp/modules/400/lximage/cil:4
semodule:  Failed!

I use Debian Testing with refpolicy enforced. Policy type = mcs.
What is wrong with my module? How can I get more explanatory output?

-- 
Regards, Denis Obrezkov


* Re: [Non-DoD Source] rangetransition in cil fails and doesn't produce explanatory output
@ 2020-02-03 19:44 ` jwcart2
From: jwcart2 @ 2020-02-03 19:44 UTC (permalink / raw)
  To: Denis Obrezkov, selinux

On 2/3/20 7:21 AM, Denis Obrezkov wrote:
> Hello,
> 
> I am trying to make rangetransition work, this is my cil file:
> (type foo)
> (type bar)
> (allow foo bar (file (ioctl read write create getattr setattr lock
> relabelfrom relabelto append unlink link rename execute swapon quotaon
> mounton)))
> (rangetransition foo bar process s0)
> 
> Now, I am trying to install it:
> semodule -i lximage.cil
> 
> Failed to resolve rangetransition statement at
> /var/lib/selinux/refpolicy_mcs/tmp/modules/400/lximage/cil:4
> semodule:  Failed!
> 
> I use Debian Testing with refpolicy enforced. Policy type = mcs.
> What is wrong with my module? How can I get more explanatory output?
> 

For more information you can use semodule -v -i lximage.cil

In your case, CIL is particular in its syntax and wants:
(rangetransition foo bar process ((s0) (s0)))

Jim

-- 
James Carter <jwcart2@tycho.nsa.gov>
National Security Agency
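
The syntax point in the reply above can be checked before running semodule. This is an added example, not code from the thread or from the SELinux project: a small Python check that reports each rangetransition whose last argument is neither a levelrange name declared in the module nor an anonymous (low high) pair of levels. The names parse_cil, is_level and check_rangetransitions are hypothetical, and names declared elsewhere in the loaded policy are not visible to it, so a finding on a named range or level is a hint rather than a verdict.

```python
import re

class Node(list):   # one parenthesised CIL list
    line = 0        # line number of its opening '('

def parse_cil(text):
    """Return every parenthesised list in the text, in document order."""
    nodes, stack, line = [], [Node()], 1
    for tok in re.findall(r'\n|;[^\n]*|"[^"]*"|[()]|[^\s()";]+', text):
        if tok == "\n":
            line += 1
        elif tok == "(":
            node = Node()
            node.line = line
            stack[-1].append(node)
            stack.append(node)
            nodes.append(node)
        elif tok == ")":
            if len(stack) == 1:
                raise ValueError(f"line {line}: unbalanced ')'")
            stack.pop()
        elif not tok.startswith(";"):   # skip comments, keep atoms
            stack[-1].append(tok)
    if len(stack) != 1:
        raise ValueError("unbalanced '('")
    return nodes

def is_level(x, levels):
    # A level name declared in this module, or anonymous (sensitivity [categories]).
    return x in levels if isinstance(x, str) else (1 <= len(x) <= 2 and isinstance(x[0], str))

def check_rangetransitions(text):
    stmts = parse_cil(text)
    def declared(kw):
        return {s[1] for s in stmts if len(s) > 1 and s[0] == kw and isinstance(s[1], str)}
    levels, ranges, problems = declared("level"), declared("levelrange"), []
    for s in (s for s in stmts if s and s[0] == "rangetransition"):
        rng = s[4] if len(s) == 5 else None
        if rng is None:
            problems.append((s.line, "expected: source target class levelrange"))
        elif isinstance(rng, str) and rng not in ranges:
            problems.append((s.line, f"'{rng}' is read as a levelrange name; none is declared here"))
        elif isinstance(rng, Node) and not (len(rng) == 2 and all(is_level(l, levels) for l in rng)):
            problems.append((s.line, "anonymous levelrange must be (low high), e.g. ((s0) (s0))"))
    return problems

# Constructed sample: the module from the post (allow rule shortened) and the fixed form.
BROKEN = "(type foo)\n(type bar)\n(allow foo bar (file (read write)))\n(rangetransition foo bar process s0)\n"
FIXED = BROKEN.replace("process s0)", "process ((s0) (s0)))")
```

check_rangetransitions(BROKEN) returns one finding on line 4, the same line semodule reported, and check_rangetransitions(FIXED) returns an empty list.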

