On Tue, 2006-10-03 at 19:12 +0200, Andreas Sachs wrote:
Hello,
I’m trying to build a local unionfs policy module for Fedora Core 5 (kernel 2.6.17). SELinux is set to enforcing and the policy type is targeted.
After I mount a union, I get the following in my /var/log/messages:
Nov 6 13:34:41 localhost kernel: SELinux: initialized (dev unionfs, type unionfs), not configured for labeling
I have written a local unionfs policy module:
policy_module(unionfs, 1.0)
require {
type fs_t;
};
fs_use_xattr unionfs system_u:object_r:fs_t;
But I get a syntax error:
Compiling targeted unionfs module
/usr/bin/checkmodule: loading policy configuration from tmp/unionfs.tmp
unionfs.te:8:ERROR 'syntax error' at token 'fs_use_xattr' on line 59102:
fs_use_xattr unionfs system_u:object_r:fs_t;
/usr/bin/checkmodule: error(s) encountered while parsing configuration
make: *** [tmp/unionfs.mod] Fehler 1
How can I do it right?
Policy modules (other than the base) only support a subset of the language, and fs_use_xattr is not supported in a non-base module.
Thus, your options (as previously stated) are: 1) Grab the policy .src.rpm or upstream sources, modify them, and rebuild, or 2) Use a context= mount to set a single fixed label on the entire mount.
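
Option 2 from the reply, as an added example that is not part of the original thread: it scans kernel log lines for the "not configured for labeling" message quoted in the post and prints a mount command carrying a context= option. The branch directories, mount point, unionfs dirs= option string and the choice of fs_t as the label are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed sample log: line 1 is the
# message quoted in the post, line 2 is a made-up mount that SELinux can label.
SAMPLE_LOG='Nov 6 13:34:41 localhost kernel: SELinux: initialized (dev unionfs, type unionfs), not configured for labeling
Nov 6 13:34:42 localhost kernel: SELinux: initialized (dev sda1, type ext3), uses xattr'

# Read kernel log lines on stdin; print each filesystem type that SELinux
# initialized without a labeling behavior (one per line, de-duplicated).
unlabeled_fstypes() {
    sed -n 's/.*SELinux: initialized (dev [^,]*, type \([^)]*\)), not configured for labeling.*/\1/p' | sort -u
}

# Succeed only for user:role:type with an optional :level suffix.
valid_context() {
    printf '%s\n' "$1" |
        grep -Eq '^[A-Za-z0-9_]+:[A-Za-z0-9_]+:[A-Za-z0-9_]+(:[A-Za-z0-9_.,:-]+)?$'
}

# $1 = existing -o options (may be empty), $2 = SELinux context.
# Prints the combined option string. The context is wrapped in double quotes
# because an MLS/MCS level can contain commas, which mount(8) would otherwise
# treat as option separators.
context_mount_opts() {
    valid_context "$2" || return 1
    case ",$1" in
        *,context=*) return 1 ;;   # a context= option is already present
    esac
    printf '%scontext="%s"\n' "${1:+$1,}" "$2"
}

# Hypothetical values for the demo: branch directories, mount point, and the
# fs_t label the poster tried to assign in the module.
BRANCHES='dirs=/branch_rw=rw:/branch_ro=ro'
MOUNTPOINT='/mnt/union'
LABEL='system_u:object_r:fs_t'

printf '%s\n' "$SAMPLE_LOG" | unlabeled_fstypes | while read -r fstype; do
    opts=$(context_mount_opts "$BRANCHES" "$LABEL") || continue
    # Print, do not run: mounting needs root and the unionfs module.
    printf "mount -t %s -o '%s' %s %s\n" "$fstype" "$opts" "$fstype" "$MOUNTPOINT"
done
```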