我正在使用启用了 SELinux 的 Debian 6。
现在,我只想更改默认策略并将 my-policy 设为活动策略。为此,我下载了 debian 的 refpolicy 并尝试编译它。
似乎rolemap找不到文件。但rolemap定义在Makefile.src.
此外,解析/tmp/example.tmp文件在'introduce()' line:28.
在下面找到 make 的输出:
debian:/opt/policy-src/debian# make -f Makefile.src all Compiling default example module echo "ifdef(\`""example""_per_role_template',\`" > tmp/example.mod.role m4
-D distro_debian -D direct_sysadm_daemon -D hide_broken_symptoms -D mls_num_sens=16 -D mls_num_cats=1024 -D mcs_num_cats=1024 -D mandatory_mcs rolemap | gawk '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $3 "; role " $1 ";)\nexample_per_role_template(" $2 "," $3 "," $1 ")" }' >> tmp/example.mod.role echo "')" >> tmp/example.mod.role echo "ifdef(\`""example""_per_userdomain_template',\`" >> tmp/example.mod.role echo "errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""example""_per_userdomain_template)'__endline__)" >> tmp/example.mod.role m4 -D distro_debian -D direct_sysadm_daemon -D hide_broken_symptoms -D mls_num_sens=16 -D mls_num_cats=1024 -D mcs_num_cats=1024 -D mandatory_mcs rolemap | gawk '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $3 "; role " $1 ";)\nexample_per_userdomain_template(" $2 "," $3 "," $1 ")" }' >> tmp/example.mod.role echo "')" >> tmp/example.mod.role m4 -D distro_debian -D direct_sysadm_daemon -D hide_broken_symptoms -D mls_num_sens=16 -D mls_num_cats=1024 -D mcs_num_cats=1024 -D mandatory_mcs -s tmp/all_interfaces.conf example.te tmp/example.mod.role > tmp/example.tmp /usr/bin/checkmodule -m tmp/example.tmp -o tmp/example.mod /usr/bin/checkmodule: loading policy configuration from tmp/example.tmp tmp/all_interfaces.conf":28:ERROR 'Building a policy module, but no module specification found. ' at token 'interface' on line 28: interface(myapp_domtrans,
# /usr/bin/checkmodule: error(s) encountered while parsing configuration make: *** [tmp/example.mod] Error 1
我怎样才能编制这个政策?