Bug 715588 - hardened-policy 2.20190609-r1 is non consistent
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: SELinux
Hardware: All Linux
Importance: Normal normal
Assignee: SE Linux Bugs
Reported: 2020-03-31 09:47 UTC by Alexander Miroshnichenko
Modified: 2020-05-20 11:39 UTC

Description Alexander Miroshnichenko 2020-03-31 09:47:23 UTC
# semodule -v -i /usr/share/selinux/strict/postfix.pp
Attempting to install module '/usr/share/selinux/strict/postfix.pp':
Ok: return value of 0.
Committing changes:
Failed to resolve typeattributeset statement at /var/lib/selinux/strict/tmp/modules/400/postfix/cil:218
semodule:  Failed!

The error links to:
(typeattributeset cil_gen_require syslogd_runtime_t)

With the last upstream refpolicy release, a rename has been done from *_var_run_t to *_runtime_t.

interface(`logging_send_syslog_msg',`
	gen_require(`
		type syslogd_t, syslogd_runtime_t, devlog_t;
	')
...

# seinfo -t -x|grep syslogd_ 
   type syslogd_client_packet_t, client_packet_type, packet_type;
   type syslogd_exec_t, entry_type, exec_type, file_type, non_auth_file_type, non_security_file_type;
   type syslogd_initrc_exec_t, entry_type, exec_type, file_type, non_auth_file_type, non_security_file_type, init_script_file_type;
   type syslogd_port_t, defined_port_type, port_type, reserved_port_type;
   type syslogd_server_packet_t, packet_type, server_packet_type;
   type syslogd_t, nsswitch_domain, can_receive_kernel_messages, domain, daemon;
   type syslogd_tmp_t, file_type, non_auth_file_type, non_security_file_type, polymember, tmpfile;
   type syslogd_unit_t, file_type, non_auth_file_type, non_security_file_type, systemdunit;
   type syslogd_var_lib_t, file_type, non_auth_file_type, non_security_file_type;
   type syslogd_var_run_t, file_type, non_auth_file_type, non_security_file_type, pidfile;

Interface `logging_send_syslog_msg' requires `syslogd_runtime_t', which is not defined.


sec-policy/selinux-base-2.20190609-r1
sec-policy/selinux-base-policy-2.20190609-r1
sec-policy/selinux-postfix-2.20190609-r1


Interesting that the master branch of hardened-refpolicy has the `syslogd_runtime_t' type defined.

Reproducible: Always

Steps to Reproduce:
1. Update sec-policy/* to 2.20190609-r1
2. Manually try to load postfix module.
Actual Results:  
Many modules failed to load

Expected Results:  
Successful load of all installed SELinux policy modules.
Comment 1 Alexander Miroshnichenko 2020-05-20 11:39:31 UTC
My fault: I used the wrong policy version.
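
A pre-load check for the mismatch discussed in this bug, as an added example that is not part of the original report or of any Gentoo or SELinux tool: it lists every name a module's CIL requires through `cil_gen_require` that the loaded policy does not define, and flags the *_var_run_t to *_runtime_t rename when the old name is present. It assumes the module's CIL and the `seinfo -t -x` output are already available as text; the function names are hypothetical and the sample data is constructed from lines quoted above.

```python
import re

# Constructed sample: CIL require lines of the kind the failing module contains.
SAMPLE_CIL = """\
(typeattributeset cil_gen_require syslogd_t)
(typeattributeset cil_gen_require syslogd_runtime_t)
(typeattributeset cil_gen_require devlog_t)
"""

# Constructed sample: shortened `seinfo -t -x` output (the devlog_t line is assumed).
SAMPLE_SEINFO = """\
   type devlog_t, file_type, non_auth_file_type, non_security_file_type;
   type syslogd_t, nsswitch_domain, can_receive_kernel_messages, domain, daemon;
   type syslogd_var_run_t, file_type, non_auth_file_type, non_security_file_type, pidfile;
"""

REQUIRE_RE = re.compile(r"\(typeattributeset\s+cil_gen_require\s+([\w.]+)\s*\)")
TYPE_RE = re.compile(r"^\s*type\s+([^;]+);", re.MULTILINE)


def required_names(cil_text):
    """Return (line number, name) for each cil_gen_require statement."""
    return [(n, m.group(1))
            for n, line in enumerate(cil_text.splitlines(), 1)
            for m in REQUIRE_RE.finditer(line)]


def defined_names(seinfo_text):
    """Collect type names and the attributes listed after them."""
    names = set()
    for m in TYPE_RE.finditer(seinfo_text):
        parts = [p.strip() for p in m.group(1).split(",")]
        names.add(parts[0].split()[0])  # drop any "alias ..." clause
        names.update(parts[1:])
    return names


def unresolved(cil_text, seinfo_text):
    """Return (line, missing name, old-style name if the policy defines it)."""
    defined = defined_names(seinfo_text)
    findings = []
    for lineno, name in required_names(cil_text):
        if name in defined:
            continue
        old = name[:-len("_runtime_t")] + "_var_run_t" if name.endswith("_runtime_t") else None
        findings.append((lineno, name, old if old in defined else None))
    return findings


if __name__ == "__main__":
    for lineno, name, hint in unresolved(SAMPLE_CIL, SAMPLE_SEINFO):
        note = f" (policy defines {hint}: module and base policy versions differ)" if hint else ""
        print(f"cil:{lineno}: required {name} is not defined{note}")
```

A non-empty result with a rename hint means the module was built against a newer refpolicy than the one loaded, which is the version mix-up the reporter describes in the closing comment.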