I am using the experimental selinux-cyrus-sasl package 20050918. I have just emerged the latest updates and now my selinux policy won't compile. It fails on domains/program/saslauthd.te, line 26: "allow saslauthd_t pop_port_t:tcp_socket name_connect;" Telling me there's a unknown type pop_port_t at token ';' If I comment out line 26 of the saslauthd.te file, it works fine. Reproducible: Always Steps to Reproduce: 1. cd /etc/security/selinux/src/policy/ 2. make Actual Results: same error as described Expected Results: build the selinux policy Portage 2.0.51.22-r2 (selinux/2004.1/x86/hardened, gcc-3.3.6, glibc-2.3.5-r1, 2.6.11-hardened-r15 i686) ================================================================= System uname: 2.6.11-hardened-r15 i686 AMD Duron(tm) Processor Gentoo Base System version 1.6.13 dev-lang/python: 2.3.5-r2 sys-apps/sandbox: 1.2.11 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6 sys-devel/binutils: 2.15.92.0.2-r10 sys-devel/libtool: 1.5.18-r1 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=athlon -O3 -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=athlon -O3 -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig distlocks loadpolicy sandbox selinux sfperms strict" GENTOO_MIRRORS="ftp.snt.utwente.nl/pub/os/linux/gentoo" LINGUAS="en us nl" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="acpi apache2 berkdb bzlib caps crypt cscope dio dlloader fam ftp gd gdbm gif gpm hardened imap ipv6 java jpeg junit kerberos ldap libg++ libwww lm_sensor maildir mailwrapper mime mmap mmx motif mysql ncurses nls offensive pam pcre pdflib perl php pic pie png posix postgres python readline ruby sasl selinux slang snmp sockets ssl truetype unicode usb vhosts x86 xml xml2 xmlrpc xsl zlib linguas_en linguas_us linguas_nl userland_GNU kernel_linux elibc_glibc" Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, PORTDIR_OVERLAY /etc/portage/package.keywords: sec-policy/selinux-kerberos ~x86 sec-policy/selinux-openldap ~x86 sec-policy/selinux-cyrus-sasl ~x86 =app-crypt/heimdal-0.7 ~x86 sys-auth/pam_krb5 ~x86
net_contexts contains a if statement for the pop_port_t: ifdef(`use_pop', ` portcon tcp 106 system_u:object_r:pop_port_t portcon tcp 109 system_u:object_r:pop_port_t portcon tcp 110 system_u:object_r:pop_port_t ') saslauthd.te should contain the same if statement for the pop_port_t: ifdef(`use_pop', ` allow saslauthd_t pop_port_t:tcp_socket name_connect; ') this resolves the problem.
fixed in selinux-cyrus-sasl-20060218 thanks for the bug report