search

fedora-selinux / selinux-policy

selinux-policy for Fedora is a large patch off the mainline
GNU General Public License v2.0
168 stars 172 forks source link

Many optional elements are hiddenly disabled in policies #287

Open mikhailnov opened 5 years ago

mikhailnov commented 5 years ago

I have recently found that in semodule utility and in libsepol in general it is impossible to turn on maximal debug level. See https://github.com/SELinuxProject/selinux/issues/176

When Fedora's selinux-policy and fedora-policy-contrib are built with libsepol with that patch applied, libsepol thows a lot of warnings about depreceated and unresolvable statements.

I think policy developers did not see them due to libsepol not telling about them by default (or meybe it does tell it?)

Github does not allow to post full log here (it is too long), bellow is a fragment. Full log is attached as a file.

Failed to resolve typeattributeset statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/abrt/cil:1105
Disabling optional 'abrt_optional_5' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/abrt/cil:1102
Failed to resolve typeattributeset statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/abrt/cil:1106
Disabling optional 'abrt_optional_5' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/abrt/cil:1102
Failed to resolve typeattributeset statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/abrt/cil:1107
Disabling optional 'abrt_optional_5' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/abrt/cil:1102
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/abrt/cil:1113
Disabling optional 'abrt_optional_5' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/abrt/cil:1102
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/abrt/cil:1114
Disabling optional 'abrt_optional_5' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/abrt/cil:1102
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/abrt/cil:1115
Disabling optional 'abrt_optional_5' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/abrt/cil:1102
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/abrt/cil:1116
Disabling optional 'abrt_optional_5' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/abrt/cil:1102
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/abrt/cil:1117
Disabling optional 'abrt_optional_5' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/abrt/cil:1102
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/abrt/cil:1118
Disabling optional 'abrt_optional_5' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/abrt/cil:1102
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/abrt/cil:1119
Disabling optional 'alsa_optional_2' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/alsa/cil:198
Failed to resolve typeattributeset statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/alsa/cil:200
Disabling optional 'alsa_optional_2' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/alsa/cil:198
Failed to resolve typeattributeset statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/alsa/cil:201
Disabling optional 'alsa_optional_2' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/alsa/cil:198
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/alsa/cil:203
Disabling optional 'alsa_optional_2' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/alsa/cil:198
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/alsa/cil:206
Disabling optional 'alsa_optional_2' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/alsa/cil:198
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/alsa/cil:207
Disabling optional 'apache_optional_43' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3109
Failed to resolve typeattributeset statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3111
Disabling optional 'apache_optional_43' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3109
Failed to resolve typeattributeset statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3112
Disabling optional 'apache_optional_43' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3109
Failed to resolve typeattributeset statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3113
Disabling optional 'apache_optional_43' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3109
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3115
Disabling optional 'apache_optional_43' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3109
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3116
Disabling optional 'apache_optional_43' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3109
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3117
Disabling optional 'apache_optional_43' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3109
Failed to resolve typetransition statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3118
Disabling optional 'apache_optional_43' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3109
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3119
Disabling optional 'apache_optional_43' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3109
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3120
Disabling optional 'apache_optional_43' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3109
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3121
Disabling optional 'apache_optional_43' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3109
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3122
Disabling optional 'apache_optional_43' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3109
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3123
Disabling optional 'apache_optional_43' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3109
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3124
Disabling optional 'apache_optional_60' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3376
Failed to resolve typeattributeset statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3377
Disabling optional 'apache_optional_60' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3376
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3378
Disabling optional 'apache_optional_60' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3376
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3379
Disabling optional 'apache_optional_60' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3376
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3380
Disabling optional 'apache_optional_60' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3376
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3381
Disabling optional 'apache_optional_60' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3376
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apache/cil:3382
Disabling optional 'apcupsd_optional_8' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apcupsd/cil:469
Failed to resolve typeattributeset statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apcupsd/cil:486
Disabling optional 'apcupsd_optional_8' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apcupsd/cil:469
Failed to resolve typeattributeset statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apcupsd/cil:487
Disabling optional 'apcupsd_optional_8' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apcupsd/cil:469
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apcupsd/cil:493
Disabling optional 'apcupsd_optional_8' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apcupsd/cil:469
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apcupsd/cil:494
Disabling optional 'apcupsd_optional_8' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apcupsd/cil:469
Failed to resolve typetransition statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apcupsd/cil:495
Disabling optional 'apcupsd_optional_8' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apcupsd/cil:469
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apcupsd/cil:496
Disabling optional 'apcupsd_optional_8' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apcupsd/cil:469
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apcupsd/cil:497
Disabling optional 'apcupsd_optional_8' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apcupsd/cil:469
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apcupsd/cil:498
Disabling optional 'apcupsd_optional_8' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apcupsd/cil:469
Failed to resolve dontaudit statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apcupsd/cil:617
Disabling optional 'apm_optional_17' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:725
Failed to resolve typeattributeset statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:742
Disabling optional 'apm_optional_17' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:725
Failed to resolve typeattributeset statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:743
Disabling optional 'apm_optional_17' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:725
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:749
Disabling optional 'apm_optional_17' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:725
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:750
Disabling optional 'apm_optional_17' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:725
Failed to resolve typetransition statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:751
Disabling optional 'apm_optional_17' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:725
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:752
Disabling optional 'apm_optional_17' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:725
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:753
Disabling optional 'apm_optional_17' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:725
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:754
Disabling optional 'apm_optional_17' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:725
Failed to resolve dontaudit statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:873
Disabling optional 'apm_optional_24' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:1155
Failed to resolve typeattributeset statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:1157
Disabling optional 'apm_optional_24' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:1155
Failed to resolve typeattributeset statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:1158
Disabling optional 'apm_optional_24' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:1155
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:1163
Disabling optional 'apm_optional_24' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:1155
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:1164
Disabling optional 'apm_optional_24' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:1155
Failed to resolve typetransition statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:1165
Disabling optional 'apm_optional_24' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:1155
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:1166
Disabling optional 'apm_optional_24' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:1155
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:1167
Disabling optional 'apm_optional_24' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:1155
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/apm/cil:1168
Disabling optional 'application_optional_3' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/application/cil:26
Failed to resolve typeattributeset statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/application/cil:27
Disabling optional 'application_optional_3' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/application/cil:26
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/application/cil:30
Disabling optional 'auditadm_optional_5' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/auditadm/cil:266
Failed to resolve typeattributeset statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/auditadm/cil:268
Disabling optional 'auditadm_optional_5' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/auditadm/cil:266
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/auditadm/cil:273
Disabling optional 'authlogin_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/authlogin/cil:1313
Failed to resolve typeattributeset statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/authlogin/cil:1314
Disabling optional 'authlogin_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/authlogin/cil:1313
Failed to resolve typeattributeset statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/authlogin/cil:1315
Disabling optional 'authlogin_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/authlogin/cil:1313
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/authlogin/cil:1316
Disabling optional 'authlogin_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/authlogin/cil:1313
Failed to resolve dontaudit statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/authlogin/cil:1317
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve typeattributeset statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13037
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve typeattributeset statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13039
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve typeattributeset statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13040
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve typeattributeset statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13041
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve typeattributeset statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13042
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13072
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13073
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13074
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13075
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13076
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13077
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13078
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13079
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13080
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13081
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13082
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13083
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13084
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve allow statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13085
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve typetransition statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13088
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve typetransition statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13089
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve typetransition statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13090
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve typetransition statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13091
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve typetransition statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13092
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve typetransition statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13093
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve typetransition statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13094
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve typetransition statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13095
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve typetransition statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13096
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve typetransition statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13097
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve typetransition statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13098
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve typetransition statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13099
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve typetransition statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13100
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve typetransition statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13101
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve typetransition statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13102
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve typetransition statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13103
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve typetransition statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13104
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
Failed to resolve typetransition statement at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13105
Disabling optional 'base_optional_12' at /builddir/build/BUILDROOT/selinux-policy-3.14.5-48-rosa2019.0.noarch-buildroot/var/lib/selinux/targeted/tmp/modules/100/base/cil:13032
<...>

Full log: script_output.zip

perfinion commented 5 years ago

For reference, the semodule verbosity fix is here: https://github.com/SELinuxProject/selinux/pull/182

zpytela commented 4 years ago

This issue seems to be a policycoreutils one, @vmojzis could you please take a look?

bachradsusi commented 4 years ago

@zpytela It's expected in the current state of Fedora SELinux policy. E,g. alsa.te contains optional blocks referencing hald_t type but Fedora does not ship hal module:

optional_policy(`
    hal_use_fds(alsa_t)
    hal_write_log(alsa_t)
')

it expands to

198(optional alsa_optional_2                                                                                                                                                                                        
199    (typeattributeset cil_gen_require var_t)                                                                                                                                                                     
200    (typeattributeset cil_gen_require hald_t)                                                                                                                                                                    
201    (typeattributeset cil_gen_require hald_log_t)                                                                                                                                                                
202    (typeattributeset cil_gen_require var_log_t)                                                                                                                                                                 
203    (allow alsa_t hald_t (fd (use)))                                                                                                                                                                             
204    (allow alsa_t var_t (dir (getattr open search)))                                                                                                                                                             
205    (allow alsa_t var_log_t (dir (getattr open search)))                                                                                                                                                         
206    (allow alsa_t hald_log_t (dir (getattr open search)))                                                                                                                                                        
207    (allow alsa_t hald_log_t (file (ioctl write getattr lock append open)))                                                                                                                                      
208)

and semodule -v -v -i alsa.cil correctly reports:

ailed to resolve typeattributeset statement at /var/lib/selinux/targeted/tmp/modules/400/alsa/cil:200
Disabling optional 'alsa_optional_2' at /var/lib/selinux/targeted/tmp/modules/400/alsa/cil:198
Failed to resolve typeattributeset statement at /var/lib/selinux/targeted/tmp/modules/400/alsa/cil:201
Disabling optional 'alsa_optional_2' at /var/lib/selinux/targeted/tmp/modules/400/alsa/cil:198
Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/400/alsa/cil:203
Disabling optional 'alsa_optional_2' at /var/lib/selinux/targeted/tmp/modules/400/alsa/cil:198
Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/400/alsa/cil:206
Disabling optional 'alsa_optional_2' at /var/lib/selinux/targeted/tmp/modules/400/alsa/cil:198
Failed to resolve allow statement at /var/lib/selinux/targeted/tmp/modules/400/alsa/cil:207
Disabling optional 'alsa_optional_2' at /var/lib/selinux/targeted/tmp/modules/400/alsa/cil:198
wrabcak commented 4 years ago

Work we need to do here is to drop unused SELinux modules in our policy and also do clean up of these optional blocks.

zpytela commented 4 years ago

I understand that if there is a final decision not to support a module, large cleanup should be in place.

wrabcak commented 4 years ago

In general, we should do cleanup of SELinux modules we have in SELinux policy but they are not active so decision was made in past, we just need to drop it from sources.

arymangupta commented 3 years ago

I am facing this issue not sure what is the reason here

[user@redhat7 ~]$ sudo semodule -v -v -i user.pp Attempting to install module 'user.pp': Ok: return value of 0. Committing changes: Failed to resolve typeattributeset statement at /etc/selinux/targeted/tmp/modules/400/user/cil:4 semodule: Failed!

[user@redhat7 ~]$ sudo semodule -v -v -i user.cil Attempting to install module 'user.cil': libsemanage.map_file: Unable to open user.cil (No such file or directory). libsemanage.semanage_direct_install_file: Unable to read file user.cil (No such file or directory). semodule: Failed on user.cil!