While packing for kylin v10 (which is similar to centos 8), selinux packge fails:
Compiling targeted openvswitch-custom module
openvswitch-custom.te:71:ERROR 'permission execmod is not defined for class file' at token ';' on line 1321:
allow openvswitch_load_module_t openvswitch_load_module_exec_t:file { { getattr open map read execute ioctl } ioctl lock execmod };
#line 71
/usr/bin/checkmodule: error(s) encountered while parsing configuration
After some dig, a change in selinux/openvswitch-custom.te.in will fix the compilation:
@@ -44,7 +45,7 @@ require {
class chr_file { write getattr read open ioctl map };
class dir { write remove_name add_name lock read getattr search open };
class fd { use };
- class file { map write getattr read open execute execute_no_trans create unlink map entrypoint lock ioctl };
+ class file { map write getattr read open execute execute_no_trans create unlink map entrypoint lock ioctl execmod };
I'm not familiar with selinux, will this fix have any side affects?
While packing for kylin v10 (which is similar to centos 8), selinux packge fails:
After some dig, a change in selinux/openvswitch-custom.te.in will fix the compilation:
I'm not familiar with selinux, will this fix have any side affects?