• 1

Building a monolithic policy

Hi Dan,

I have read and followed your blogs and found a lot of good tips.

I would like to know if you have blog that show how to build a monolithic policy.

I have tried but failed to build a monolithic policy with a RHEL6 policy source v3.7.19. I have tried three different ways:

1. Edited selinux-policy.spec and set "%define monolithic y". I got this compiling error

make UNK_PERMS=allow NAME=targeted TYPE=mcs DISTRO=redhat UBAC=n DIRECT_INITRC=n MONOLITHIC=y POLY=y MLS_CATS=1024 MCS_CATS=1024 base.pp
make: *** No rule to make target `base.pp'

Obviously, the spec was written for build modular policy only.

2. Modified build.conf, set MONOLITHIC = y, and built from command line "make policy". I got this error

/usr/bin/checkpolicy: loading policy configuration from policy.conf
policy/modules/apps/gitosis.te":10:ERROR 'syntax error' at token 'typeattribute' on line 2132630:
typeattribute gitosis_t application_domain_type;
#line 10
checkpolicy: error(s) encountered while parsing configuration

3. Modified policy/modules.conf, set all modules to "base", and built from command line "make policy. I got the same error as in 2.

Do you know if building a monolithic policy is still supported and what is the proper steps to do that?

Thank you very much.


Re: Building a monolithic policy

It should work, but you could be revealing a bug in our policy that is covered up with modular policy. I would remove the gitosis module to see if everything builds.

Might be better to carry on this discussion on the fedora or refpolicy lists.

  • 1

Log in