SELinuxProject / selinux-testsuite

This is the upstream SELinux testsuite which is designed as a basic set of regression tests for the SELinux kernel functionality.
GNU General Public License v2.0

'syntax error' at token 'corecmd_entrypoint_all_executables' on line 49276 #5

Closed jstancek closed 7 years ago

jstancek commented 8 years ago

RHEL7.3 selinux has trouble compiling newly added test policy for overlayfs:

# make test
make -C policy load
make[1]: Entering directory `/root/selinux-testsuite/policy'
# General policy build
make[2]: Entering directory `/root/selinux-testsuite/policy/test_policy'
Compiling targeted test_policy module
/usr/bin/checkmodule:  loading policy configuration from tmp/test_policy.tmp
test_policy.te:2390:ERROR 'syntax error' at token 'corecmd_entrypoint_all_executables' on line 49276:
corecmd_entrypoint_all_executables(test_overlay_client_t)

/usr/bin/checkmodule:  error(s) encountered while parsing configuration
make[2]: *** [tmp/test_policy.mod] Error 1
make[2]: Leaving directory `/root/selinux-testsuite/policy/test_policy'
make[1]: *** [build_general] Error 2
make[1]: Leaving directory `/root/selinux-testsuite/policy'
make: *** [test] Error 2

One way to work around that is:

diff --git a/policy/test_overlayfs.te b/policy/test_overlayfs.te
index bfdc3b9..1d65095 100644
--- a/policy/test_overlayfs.te
+++ b/policy/test_overlayfs.te
@@ -114,7 +114,9 @@ unconfined_runs_test(test_overlay_client_t)
 mcs_constrained(test_overlay_client_t)

 corecmd_shell_entry_type(test_overlay_client_t)
-corecmd_entrypoint_all_executables(test_overlay_client_t)
+ifdef(`corecmd_entrypoint_all_executables', `
+       corecmd_entrypoint_all_executables(test_overlay_client_t)
+')
 corecmd_exec_bin(test_overlay_client_t)

 kernel_search_proc(test_overlay_client_t)
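
Review bot: the guarded call to corecmd_entrypoint_all_executables(test_overlay_client_t) has no fallback branch and no comment, so on a policy that lacks the interface the entrypoint rule silently disappears and test_overlay_client_t is built with different permissions depending on the installed policy. If the test needs that entrypoint, the failure just moves from build time to an AVC denial at run time. Please add a comment stating which policy versions lack the interface, and either give the ifdef a third argument with a narrower replacement rule or, if the corecmd_shell_entry_type(test_overlay_client_t) line above already covers what the test executes, drop the call entirely rather than guarding it.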

I'm not sure how much it affects the test, because it is getting skipped for me:

overlay/test ............ skipped: overlayfs not supported with SELinux in this kernel

stephensmalley commented 8 years ago

@rhatdan That is one option but I doubt we truly need to allow entrypoint all executables here. Dan?

rhatdan commented 8 years ago

It looks like it is an older version that was using more executables from /usr, which could have labels on them. I don't think we are doing that now, so we can probably just drop this code altogether.