Found what was wrong and had a workaround

Thanks for the suggestion. I have found what was wrong. There are three problems when compiling a monolithic policy:

1. In the combined policy.conf, the "user" statements, that are the results of the gen_user() macros defined at the end of some modules, are mixed among other statements. The SELinux compiler does not like that and causes the error as in my first post. To work around this problem, I moved the gen_user() macros to users-targeted, which will become the users file and be added to the end of policy.conf.

To really fix this problem I think the pre-processing scripts should perform the move automatically.

The related modules are unconfineduser.te, guest.te, xguest.te, and git.te.

2. Another problem is that some type statements are defined inside an optional_policy() block in one module and referenced via gen_require() in another module. To work around this I moved the type statements outside and above the optional_policy().

The related modules are samba.te, unconfineduser.te, and qemu.te.

3. This is not quite a problem, but the selinux-policy.spec file was written to build a modular policy RPM only. If one wants to build a monolithic policy RPM, the file has to be modified.

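Added example, not part of the original post and not code from the policy build scripts: a small pre-build lint that reports the two constructs described in points 1 and 2, namely gen_user() calls inside a module and type declarations nested in optional_policy(). The function name, the finding labels and the sample module are assumptions made for this illustration.

```python
import re

# m4 block open such as optional_policy(` ; block close ') ; a type
# statement ; a gen_user() call. Alternatives are tried in this order.
TOKEN = re.compile(
    r"(?P<open>\w+)\(`|(?P<close>'\))"
    r"|\btype\s+(?P<type>\w+)|\bgen_user\(\s*(?P<user>\w+)"
)

def lint_module(name, text):
    """Return (file, line, kind, identifier) for each construct to move."""
    findings, stack = [], []          # stack = enclosing m4 macro names
    for lineno, line in enumerate(text.splitlines(), 1):
        code = line.split("#", 1)[0]  # drop comments
        for m in TOKEN.finditer(code):
            if m.group("open"):
                stack.append(m.group("open"))
            elif m.group("close"):
                if stack:
                    stack.pop()
            elif m.group("type"):
                # A type line directly inside gen_require() is a
                # requirement, not a declaration, so it is not flagged.
                if "optional_policy" in stack and stack[-1] != "gen_require":
                    findings.append((name, lineno, "type-in-optional", m.group("type")))
            else:
                findings.append((name, lineno, "gen_user", m.group("user")))
    return findings

# Constructed sample module (not taken from any real policy source).
SAMPLE = """\
policy_module(demo, 1.0)
type demo_t;   # top-level declaration: fine
optional_policy(`
    gen_require(`
        type other_t;   # requirement, not a declaration
    ')
    type demo_helper_t;  # declared inside optional_policy
    tunable_policy(`demo_bool',`
        allow demo_t demo_helper_t:file read;
    ')
')
# gen_user(commented_u, user, user_r, s0, s0)
gen_user(demo_u, user, demo_r, s0, s0)
"""

if __name__ == "__main__":
    for finding in lint_module("demo.te", SAMPLE):
        print(*finding)
```

Running it over every .te file before a monolithic build lists the statements that need moving, so the compiler error does not have to be the first signal.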