107387 – make policy fails on saslauthd.te:26, unknown type pop_port_t

Bug 107387 - make policy fails on saslauthd.te:26, unknown type pop_port_t

Summary: make policy fails on saslauthd.te:26, unknown type pop_port_t

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Hardened (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	petre rodan (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2005-09-27 05:44 UTC by Mivz
Modified:	2006-02-18 08:36 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mivz 2005-09-27 05:44:42 UTC

I am using the experimental selinux-cyrus-sasl package 20050918.
I have just emerged the latest updates and now my selinux policy won't compile.
It fails on domains/program/saslauthd.te, line 26: "allow saslauthd_t
pop_port_t:tcp_socket name_connect;"
Telling me there's a unknown type pop_port_t at token ';'
If I comment out line 26 of the saslauthd.te file, it works fine.

Reproducible: Always
Steps to Reproduce:
1. cd /etc/security/selinux/src/policy/
2. make
Actual Results:  
same error as described

Expected Results:  
build the selinux policy

Portage 2.0.51.22-r2 (selinux/2004.1/x86/hardened, gcc-3.3.6, glibc-2.3.5-r1,
2.6.11-hardened-r15 i686)
=================================================================
System uname: 2.6.11-hardened-r15 i686 AMD Duron(tm) Processor
Gentoo Base System version 1.6.13
dev-lang/python:     2.3.5-r2
sys-apps/sandbox:    1.2.11
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6
sys-devel/binutils:  2.15.92.0.2-r10
sys-devel/libtool:   1.5.18-r1
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=athlon -O3 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config
/usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=athlon -O3 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks loadpolicy sandbox selinux sfperms strict"
GENTOO_MIRRORS="ftp.snt.utwente.nl/pub/os/linux/gentoo"
LINGUAS="en us nl"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="acpi apache2 berkdb bzlib caps crypt cscope dio dlloader fam ftp gd gdbm
gif gpm hardened imap ipv6 java jpeg junit kerberos ldap libg++ libwww lm_sensor
maildir mailwrapper mime mmap mmx motif mysql ncurses nls offensive pam pcre
pdflib perl php pic pie png posix postgres python readline ruby sasl selinux
slang snmp sockets ssl truetype unicode usb vhosts x86 xml xml2 xmlrpc xsl zlib
linguas_en linguas_us linguas_nl userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, PORTDIR_OVERLAY


/etc/portage/package.keywords:
sec-policy/selinux-kerberos ~x86
sec-policy/selinux-openldap ~x86
sec-policy/selinux-cyrus-sasl ~x86
=app-crypt/heimdal-0.7 ~x86
sys-auth/pam_krb5 ~x86

Comment 1 Mivz 2006-02-14 01:43:58 UTC

net_contexts contains a if statement for the pop_port_t:

ifdef(`use_pop', `
portcon tcp 106 system_u:object_r:pop_port_t
portcon tcp 109 system_u:object_r:pop_port_t
portcon tcp 110 system_u:object_r:pop_port_t
')

saslauthd.te should contain the same if statement for the pop_port_t:

ifdef(`use_pop', `
allow saslauthd_t pop_port_t:tcp_socket name_connect;
')

this resolves the problem.

Comment 2 petre rodan (RETIRED) gentoo-dev

2006-02-18 08:36:36 UTC

fixed in selinux-cyrus-sasl-20060218
thanks for the bug report