I downloaded the policy-src rpm in order to build a base policy. I used the modules-targeted.conf. My goal is to simply add an interface in kernel's module for ipsec packets. I am running targeted policy on FC5 test3. My build.conf states I am building targeted, modular policy.

When I try to install my base policy, I received the following:

  semodule -b base.pp
  libsepol.link_modules: Tried to link in an MLS module with a    non-MLS base.
  libsemanage.semanage_link_sandbox: Link packages failed   semodule: Failed!

The targeted modules.conf states "mls=base" is required. Just to see what would happen, I commented out "mls=base" and rebuilt my base policy. The compile fails though because there are references to mls_trusted_object() throughout several modules and this interface is defined in mls module.

For example:
Compiling refpolicy base module
/usr/bin/checkmodule base.conf -o tmp/base.mod
/usr/bin/checkmodule: loading policy configuration from base.conf
tmp/only_te_rules.conf:36:ERROR 'syntax error' at token 'mls_trusted_object' on line 40705:

mls_trusted_object(devtty_t)
/usr/bin/checkmodule: error(s) encountered while parsing configuration
make: *** [tmp/base.mod] Error 1

What am I doing wrong?

Regards,
Joy

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.