Parse error on almost empty policy files
Closed this issue · 0 comments
joenall commented
We have a number of policies that are really just .fc files with a module name
foo.te:
policy_module(foo,1.0.3)
foo.if exists but is empty
foo.fc
/opt/ourstuff/bin/app5exe -- gen_context(system_u:object_r:our_app_t,s0)
This could obviously be done differently, but there was a desire to keep the .fc with the rpm rather than in a system wide policy.
This policy will fail in selint with:
selint -r .
Note: Check E-007 is not performed because no permission macro has been parsed.
foo.te:2: (F): syntax error, unexpected end of file (F-001)
2 |
| ^
foo.te:2: (F): Error: Invalid statement (F-001)
2 |
| ^
but adding a comment makes selint happy:
policy_module(foo,1.0.3)
# no op