Bug 107387 - make policy fails on saslauthd.te:26, unknown type pop_port_t
Bug#: 107387 Product:  Gentoo Linux Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: minor Priority: P2
Resolution: FIXED Assigned To: kaiowas@gentoo.org Reported By: mivz@spugium.net
Component: Hardened
URL: 
Summary: make policy fails on saslauthd.te:26, unknown type pop_port_t
Keywords:  
Status Whiteboard: 
Opened: 2005-09-27 05:44 0000
Description:   Opened: 2005-09-27 05:44 0000 
I am using the experimental selinux-cyrus-sasl package 20050918.
I have just emerged the latest updates and now my selinux policy won't compile.
It fails on domains/program/saslauthd.te, line 26: "allow saslauthd_t
pop_port_t:tcp_socket name_connect;"
Telling me there's a unknown type pop_port_t at token ';'
If I comment out line 26 of the saslauthd.te file, it works fine.

Reproducible: Always
Steps to Reproduce:
1. cd /etc/security/selinux/src/policy/
2. make
Actual Results:  
same error as described

Expected Results:  
build the selinux policy

Portage 2.0.51.22-r2 (selinux/2004.1/x86/hardened, gcc-3.3.6, glibc-2.3.5-r1,
2.6.11-hardened-r15 i686)
=================================================================
System uname: 2.6.11-hardened-r15 i686 AMD Duron(tm) Processor
Gentoo Base System version 1.6.13
dev-lang/python:     2.3.5-r2
sys-apps/sandbox:    1.2.11
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6
sys-devel/binutils:  2.15.92.0.2-r10
sys-devel/libtool:   1.5.18-r1
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=athlon -O3 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config
/usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=athlon -O3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks loadpolicy sandbox selinux sfperms strict"
GENTOO_MIRRORS="ftp.snt.utwente.nl/pub/os/linux/gentoo"
LINGUAS="en us nl"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acpi apache2 berkdb bzlib caps crypt cscope dio dlloader fam ftp gd gdbm
gif gpm hardened imap ipv6 java jpeg junit kerberos ldap libg++ libwww lm_sensor
maildir mailwrapper mime mmap mmx motif mysql ncurses nls offensive pam pcre
pdflib perl php pic pie png posix postgres python readline ruby sasl selinux
slang snmp sockets ssl truetype unicode usb vhosts x86 xml xml2 xmlrpc xsl zlib
linguas_en linguas_us linguas_nl userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, PORTDIR_OVERLAY


/etc/portage/package.keywords:
sec-policy/selinux-kerberos ~x86
sec-policy/selinux-openldap ~x86
sec-policy/selinux-cyrus-sasl ~x86
=app-crypt/heimdal-0.7 ~x86
sys-auth/pam_krb5 ~x86

------- Comment #1 From Mivz 2006-02-14 01:43:58 0000 ------- 
net_contexts contains a if statement for the pop_port_t:

ifdef(`use_pop', `
portcon tcp 106 system_u:object_r:pop_port_t
portcon tcp 109 system_u:object_r:pop_port_t
portcon tcp 110 system_u:object_r:pop_port_t
')

saslauthd.te should contain the same if statement for the pop_port_t:

ifdef(`use_pop', `
allow saslauthd_t pop_port_t:tcp_socket name_connect;
')

this resolves the problem.

------- Comment #2 From petre rodan (RETIRED) 2006-02-18 08:36:36 0000 ------- 
fixed in selinux-cyrus-sasl-20060218
thanks for the bug report