>>> refpolicy 2.20210908 Downloading wget --passive-ftp -nd -t 3 --no-check-certificate -O '/tmp/instance-0/output-1/build/.refpolicy-2.20210908.tar.bz2.t8iKtd/output' 'https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20210908/refpolicy-2.20210908.tar.bz2' --2021-09-22 09:04:47-- https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20210908/refpolicy-2.20210908.tar.bz2 Resolving github.com (github.com)... 140.82.121.4 Connecting to github.com (github.com)|140.82.121.4|:443... connected. HTTP request sent, awaiting response... 302 Found Location: https://github-releases.githubusercontent.com/138409907/5388a405-cad7-40cc-a99e-425ff50121e0?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210922%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210922T090447Z&X-Amz-Expires=300&X-Amz-Signature=e894de0db669850bbef104a9d7597c0d9c47eefea14dc92d02e3b668b56a5ff8&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=138409907&response-content-disposition=attachment%3B%20filename%3Drefpolicy-2.20210908.tar.bz2&response-content-type=application%2Foctet-stream [following] --2021-09-22 09:04:47-- https://github-releases.githubusercontent.com/138409907/5388a405-cad7-40cc-a99e-425ff50121e0?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20210922%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20210922T090447Z&X-Amz-Expires=300&X-Amz-Signature=e894de0db669850bbef104a9d7597c0d9c47eefea14dc92d02e3b668b56a5ff8&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=138409907&response-content-disposition=attachment%3B%20filename%3Drefpolicy-2.20210908.tar.bz2&response-content-type=application%2Foctet-stream Resolving github-releases.githubusercontent.com (github-releases.githubusercontent.com)... 2606:50c0:8003::154, 2606:50c0:8000::154, 2606:50c0:8001::154, ... Connecting to github-releases.githubusercontent.com (github-releases.githubusercontent.com)|2606:50c0:8003::154|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 556375 (543K) [application/octet-stream] Saving to: '/tmp/instance-0/output-1/build/.refpolicy-2.20210908.tar.bz2.t8iKtd/output' 0K .......... .......... .......... .......... .......... 9% 8.35M 0s 50K .......... .......... .......... .......... .......... 18% 8.71M 0s 100K .......... .......... .......... .......... .......... 27% 37.6M 0s 150K .......... .......... .......... .......... .......... 36% 30.6M 0s 200K .......... .......... .......... .......... .......... 46% 14.8M 0s 250K .......... .......... .......... .......... .......... 55% 52.3M 0s 300K .......... .......... .......... .......... .......... 64% 74.5M 0s 350K .......... .......... .......... .......... .......... 73% 44.6M 0s 400K .......... .......... .......... .......... .......... 82% 236M 0s 450K .......... .......... .......... .......... .......... 92% 113M 0s 500K .......... .......... .......... .......... ... 100% 16.6M=0.02s 2021-09-22 09:04:47 (22.6 MB/s) - '/tmp/instance-0/output-1/build/.refpolicy-2.20210908.tar.bz2.t8iKtd/output' saved [556375/556375] refpolicy-2.20210908.tar.bz2: OK (sha256: 4d3140d9fbb91322f5de36d73959464ce1d8946dcd149e36fcaf60e92444e902) >>> refpolicy 2.20210908 Extracting bzcat /tmp/instance-0/dl/refpolicy/refpolicy-2.20210908.tar.bz2 | tar --strip-components=1 -C /tmp/instance-0/output-1/build/refpolicy-2.20210908 -xf - >>> refpolicy 2.20210908 Patching Applying 0001-policy-modules-services-samba.te-make-crack-optional.patch using patch: patching file policy/modules/services/samba.te >>> refpolicy 2.20210908 Configuring /usr/bin/sed -i -e "/OUTPUT_POLICY/c\OUTPUT_POLICY = 33" /tmp/instance-0/output-1/build/refpolicy-2.20210908/build.conf /usr/bin/sed -i -e "/MONOLITHIC/c\MONOLITHIC = y" /tmp/instance-0/output-1/build/refpolicy-2.20210908/build.conf /usr/bin/sed -i -e "/NAME/c\NAME = targeted" /tmp/instance-0/output-1/build/refpolicy-2.20210908/build.conf PYTHON=/tmp/instance-0/output-1/host/usr/bin/python3 TEST_TOOLCHAIN=/tmp/instance-0/output-1/host PATH="/tmp/instance-0/output-1/host/bin:/tmp/instance-0/output-1/host/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin" /usr/bin/make -j1 -C /tmp/instance-0/output-1/build/refpolicy-2.20210908 bare conf make[1]: Entering directory '/tmp/instance-0/output-1/build/refpolicy-2.20210908' rm -f policy.conf rm -f policy.33 rm -f file_contexts rm -f homedir_template rm -f net_contexts net_contexts.nft rm -f *.res rm -fR tmp rm -f doc/policy.xml rm -fR doc/tmp rm -f doc/global_tunables.xml rm -f doc/global_booleans.xml rm -f policy/modules.conf rm -f policy/booleans.conf rm -fR doc/html rm -f tags rm -f support/*.pyc rm -Rf support/__pycache__/ rm -f policy/modules/kernel/corenetwork.te rm -f policy/modules/kernel/corenetwork.if Generating interface templates into doc/tmp/iftemplates support/gentemplates.sh -g -s policy/modules -t doc/tmp/iftemplates m4 -E -E -D self_contained_policy -D enable_ubac=true -D mls_num_sens=16 -D mls_num_cats=1024 -D mcs_num_cats=1024 -D hide_broken_symptoms=true -D self_contained_policy support/divert.m4 policy/modules/kernel/corenetwork.te.m4 support/undivert.m4 policy/modules/kernel/corenetwork.te.in \ | sed -e 's/dollarsone/\$1/g' -e 's/dollarszero/\$0/g' >> policy/modules/kernel/corenetwork.te cat policy/modules/kernel/corenetwork.if.in >> policy/modules/kernel/corenetwork.if egrep "^[[:blank:]]*(network_(interface|node|port|packet)(_controlled)?)|ib_(pkey|endport)\(.*\)" policy/modules/kernel/corenetwork.te.in \ | m4 -E -E -D self_contained_policy -D enable_ubac=true -D mls_num_sens=16 -D mls_num_cats=1024 -D mcs_num_cats=1024 -D hide_broken_symptoms=true -D self_contained_policy support/divert.m4 policy/modules/kernel/corenetwork.if.m4 support/undivert.m4 - \ | sed -e 's/dollarsone/\$1/g' -e 's/dollarszero/\$0/g' >> policy/modules/kernel/corenetwork.if cat policy/modules/admin/metadata.xml > doc/tmp/admin.xml for i in policy/modules/admin/acct policy/modules/admin/aide policy/modules/admin/alsa policy/modules/admin/amanda policy/modules/admin/amtu policy/modules/admin/anaconda policy/modules/admin/apt policy/modules/admin/backup policy/modules/admin/bacula policy/modules/admin/blueman policy/modules/admin/bootloader policy/modules/admin/brctl policy/modules/admin/certwatch policy/modules/admin/cfengine policy/modules/admin/chkrootkit policy/modules/admin/consoletype policy/modules/admin/dmesg policy/modules/admin/dmidecode policy/modules/admin/dphysswapfile policy/modules/admin/dpkg policy/modules/admin/fakehwclock policy/modules/admin/firstboot policy/modules/admin/hwloc policy/modules/admin/kdump policy/modules/admin/kismet policy/modules/admin/logrotate policy/modules/admin/logwatch policy/modules/admin/mcelog policy/modules/admin/mrtg policy/modules/admin/ncftool policy/modules/admin/netutils policy/modules/admin/passenger policy/modules/admin/portage policy/modules/admin/prelink policy/modules/admin/puppet policy/modules/admin/quota policy/modules/admin/rkhunter policy/modules/admin/rpm policy/modules/admin/samhain policy/modules/admin/sblim policy/modules/admin/shorewall policy/modules/admin/shutdown policy/modules/admin/sosreport policy/modules/admin/su policy/modules/admin/sudo policy/modules/admin/sxid policy/modules/admin/tboot policy/modules/admin/tmpreaper policy/modules/admin/tripwire policy/modules/admin/tzdata policy/modules/admin/updfstab policy/modules/admin/usbguard policy/modules/admin/usbmodules policy/modules/admin/usermanage policy/modules/admin/vbetool policy/modules/admin/vpn; do /tmp/instance-0/output-1/host/usr/bin/python3 support/segenxml.py -w -T doc/tmp/iftemplates -m $i >> doc/tmp/admin.xml; done cat policy/modules/apps/metadata.xml > doc/tmp/apps.xml for i in policy/modules/apps/awstats policy/modules/apps/calamaris policy/modules/apps/cdrecord policy/modules/apps/chromium policy/modules/apps/cpufreqselector policy/modules/apps/cryfs policy/modules/apps/evolution policy/modules/apps/games policy/modules/apps/gitosis policy/modules/apps/gnome policy/modules/apps/gpg policy/modules/apps/irc policy/modules/apps/java policy/modules/apps/libmtp policy/modules/apps/lightsquid policy/modules/apps/livecd policy/modules/apps/loadkeys policy/modules/apps/man2html policy/modules/apps/mandb policy/modules/apps/mono policy/modules/apps/mozilla policy/modules/apps/mplayer policy/modules/apps/openoffice policy/modules/apps/pulseaudio policy/modules/apps/qemu policy/modules/apps/rssh policy/modules/apps/screen policy/modules/apps/seunshare policy/modules/apps/sigrok policy/modules/apps/slocate policy/modules/apps/syncthing policy/modules/apps/telepathy policy/modules/apps/thunderbird policy/modules/apps/tvtime policy/modules/apps/uml policy/modules/apps/userhelper policy/modules/apps/usernetctl policy/modules/apps/vlock policy/modules/apps/vmware policy/modules/apps/webalizer policy/modules/apps/wine policy/modules/apps/wireshark policy/modules/apps/wm policy/modules/apps/xscreensaver; do /tmp/instance-0/output-1/host/usr/bin/python3 support/segenxml.py -w -T doc/tmp/iftemplates -m $i >> doc/tmp/apps.xml; done cat policy/modules/kernel/metadata.xml > doc/tmp/kernel.xml for i in policy/modules/kernel/corecommands policy/modules/kernel/corenetwork policy/modules/kernel/devices policy/modules/kernel/domain policy/modules/kernel/files policy/modules/kernel/filesystem policy/modules/kernel/kernel policy/modules/kernel/mcs policy/modules/kernel/mls policy/modules/kernel/selinux policy/modules/kernel/storage policy/modules/kernel/terminal policy/modules/kernel/ubac; do /tmp/instance-0/output-1/host/usr/bin/python3 support/segenxml.py -w -T doc/tmp/iftemplates -m $i >> doc/tmp/kernel.xml; done cat policy/modules/roles/metadata.xml > doc/tmp/roles.xml for i in policy/modules/roles/auditadm policy/modules/roles/dbadm policy/modules/roles/guest policy/modules/roles/logadm policy/modules/roles/secadm policy/modules/roles/staff policy/modules/roles/sysadm policy/modules/roles/unprivuser policy/modules/roles/webadm policy/modules/roles/xguest; do /tmp/instance-0/output-1/host/usr/bin/python3 support/segenxml.py -w -T doc/tmp/iftemplates -m $i >> doc/tmp/roles.xml; done support/segenxml.py: warning: cannot open file doc/tmp/iftemplates/userdom_security_admin_template.iftemplate for read, bailing out support/segenxml.py: warning: cannot open file doc/tmp/iftemplates/userdom_security_admin_template.iftemplate for read, bailing out cat policy/modules/services/metadata.xml > doc/tmp/services.xml for i in policy/modules/services/abrt policy/modules/services/accountsd policy/modules/services/acpi policy/modules/services/afs policy/modules/services/aisexec policy/modules/services/amavis policy/modules/services/apache policy/modules/services/apcupsd policy/modules/services/aptcacher policy/modules/services/arpwatch policy/modules/services/asterisk policy/modules/services/automount policy/modules/services/avahi policy/modules/services/bind policy/modules/services/bird policy/modules/services/bitlbee policy/modules/services/bluetooth policy/modules/services/boinc policy/modules/services/bugzilla policy/modules/services/cachefilesd policy/modules/services/canna policy/modules/services/certbot policy/modules/services/certmaster policy/modules/services/certmonger policy/modules/services/cgmanager policy/modules/services/cgroup policy/modules/services/chronyd policy/modules/services/clamav policy/modules/services/cobbler policy/modules/services/collectd policy/modules/services/colord policy/modules/services/comsat policy/modules/services/condor policy/modules/services/consolesetup policy/modules/services/corosync policy/modules/services/couchdb policy/modules/services/courier policy/modules/services/cpucontrol policy/modules/services/cron policy/modules/services/ctdb policy/modules/services/cups policy/modules/services/cvs policy/modules/services/cyphesis policy/modules/services/cyrus policy/modules/services/dante policy/modules/services/dbskk policy/modules/services/dbus policy/modules/services/ddclient policy/modules/services/devicekit policy/modules/services/dhcp policy/modules/services/dictd policy/modules/services/dirmngr policy/modules/services/distcc policy/modules/services/djbdns policy/modules/services/dkim policy/modules/services/dnsmasq policy/modules/services/dovecot policy/modules/services/drbd policy/modules/services/entropyd policy/modules/services/exim policy/modules/services/fail2ban policy/modules/services/fcoe policy/modules/services/fetchmail policy/modules/services/finger policy/modules/services/firewalld policy/modules/services/fprintd policy/modules/services/ftp policy/modules/services/gatekeeper policy/modules/services/gdomap policy/modules/services/geoclue policy/modules/services/git policy/modules/services/glance policy/modules/services/glusterfs policy/modules/services/gnomeclock policy/modules/services/gpm policy/modules/services/gpsd policy/modules/services/gssproxy policy/modules/services/hadoop policy/modules/services/hddtemp policy/modules/services/hostapd policy/modules/services/hypervkvp policy/modules/services/i18n_input policy/modules/services/icecast policy/modules/services/ifplugd policy/modules/services/inetd policy/modules/services/inn policy/modules/services/iodine policy/modules/services/ircd policy/modules/services/irqbalance policy/modules/services/isns policy/modules/services/jabber policy/modules/services/kerberos policy/modules/services/kerneloops policy/modules/services/keystone policy/modules/services/knot policy/modules/services/ksmtuned policy/modules/services/l2tp policy/modules/services/ldap policy/modules/services/likewise policy/modules/services/lircd policy/modules/services/lldpad policy/modules/services/lpd policy/modules/services/lsm policy/modules/services/mailman policy/modules/services/mediawiki policy/modules/services/memcached policy/modules/services/memlockd policy/modules/services/milter policy/modules/services/minidlna policy/modules/services/minissdpd policy/modules/services/modemmanager policy/modules/services/mojomojo policy/modules/services/mon policy/modules/services/mongodb policy/modules/services/monit policy/modules/services/monop policy/modules/services/mpd policy/modules/services/mta policy/modules/services/munin policy/modules/services/mysql policy/modules/services/nagios policy/modules/services/nessus policy/modules/services/networkmanager policy/modules/services/nis policy/modules/services/nscd policy/modules/services/nsd policy/modules/services/nslcd policy/modules/services/ntop policy/modules/services/ntp policy/modules/services/numad policy/modules/services/nut policy/modules/services/nx policy/modules/services/obex policy/modules/services/oddjob policy/modules/services/oident policy/modules/services/openca policy/modules/services/openct policy/modules/services/openhpi policy/modules/services/openvpn policy/modules/services/openvswitch policy/modules/services/pacemaker policy/modules/services/pads policy/modules/services/pcscd policy/modules/services/pegasus policy/modules/services/perdition policy/modules/services/pingd policy/modules/services/pkcs policy/modules/services/plymouthd policy/modules/services/policykit policy/modules/services/portmap policy/modules/services/portreserve policy/modules/services/portslave policy/modules/services/postfix policy/modules/services/postfixpolicyd policy/modules/services/postgresql policy/modules/services/postgrey policy/modules/services/ppp policy/modules/services/prelude policy/modules/services/privoxy policy/modules/services/procmail policy/modules/services/psad policy/modules/services/publicfile policy/modules/services/pwauth policy/modules/services/pxe policy/modules/services/pyzor policy/modules/services/qmail policy/modules/services/qpid policy/modules/services/quantum policy/modules/services/rabbitmq policy/modules/services/radius policy/modules/services/radvd policy/modules/services/razor policy/modules/services/rdisc policy/modules/services/realmd policy/modules/services/redis policy/modules/services/remotelogin policy/modules/services/resmgr policy/modules/services/rhsmcertd policy/modules/services/rlogin policy/modules/services/rngd policy/modules/services/rpc policy/modules/services/rpcbind policy/modules/services/rshd policy/modules/services/rsync policy/modules/services/rtkit policy/modules/services/rwho policy/modules/services/samba policy/modules/services/sanlock policy/modules/services/sasl policy/modules/services/sendmail policy/modules/services/sensord policy/modules/services/setroubleshoot policy/modules/services/shibboleth policy/modules/services/slpd policy/modules/services/slrnpull policy/modules/services/smartmon policy/modules/services/smokeping policy/modules/services/smstools policy/modules/services/snmp policy/modules/services/snort policy/modules/services/soundserver policy/modules/services/spamassassin policy/modules/services/squid policy/modules/services/ssh policy/modules/services/sssd policy/modules/services/stubby policy/modules/services/stunnel policy/modules/services/svnserve policy/modules/services/sysstat policy/modules/services/systemtap policy/modules/services/tcpd policy/modules/services/tcsd policy/modules/services/telnet policy/modules/services/tftp policy/modules/services/tgtd policy/modules/services/timidity policy/modules/services/tor policy/modules/services/tpm2 policy/modules/services/transproxy policy/modules/services/tuned policy/modules/services/ucspitcp policy/modules/services/ulogd policy/modules/services/uptime policy/modules/services/usbmuxd policy/modules/services/uucp policy/modules/services/uuidd policy/modules/services/uwimap policy/modules/services/varnishd policy/modules/services/vdagent policy/modules/services/vhostmd policy/modules/services/virt policy/modules/services/vnstatd policy/modules/services/watchdog policy/modules/services/wdmd policy/modules/services/wireguard policy/modules/services/xfs policy/modules/services/xserver policy/modules/services/zabbix policy/modules/services/zarafa policy/modules/services/zebra policy/modules/services/zosremote; do /tmp/instance-0/output-1/host/usr/bin/python3 support/segenxml.py -w -T doc/tmp/iftemplates -m $i >> doc/tmp/services.xml; done cat policy/modules/system/metadata.xml > doc/tmp/system.xml for i in policy/modules/system/application policy/modules/system/authlogin policy/modules/system/clock policy/modules/system/daemontools policy/modules/system/fstools policy/modules/system/getty policy/modules/system/hostname policy/modules/system/init policy/modules/system/ipsec policy/modules/system/iptables policy/modules/system/iscsi policy/modules/system/libraries policy/modules/system/locallogin policy/modules/system/logging policy/modules/system/lvm policy/modules/system/miscfiles policy/modules/system/modutils policy/modules/system/mount policy/modules/system/netlabel policy/modules/system/raid policy/modules/system/selinuxutil policy/modules/system/setrans policy/modules/system/sysnetwork policy/modules/system/systemd policy/modules/system/udev policy/modules/system/unconfined policy/modules/system/userdomain policy/modules/system/xdg policy/modules/system/xen; do /tmp/instance-0/output-1/host/usr/bin/python3 support/segenxml.py -w -T doc/tmp/iftemplates -m $i >> doc/tmp/system.xml; done /tmp/instance-0/output-1/host/usr/bin/python3 support/segenxml.py -w -t policy/global_tunables > doc/global_tunables.xml /tmp/instance-0/output-1/host/usr/bin/python3 support/segenxml.py -w -b policy/global_booleans > doc/global_booleans.xml Creating policy.xml echo '' > doc/policy.xml echo '' >> doc/policy.xml echo '' >> doc/policy.xml for i in admin apps kernel roles services system; do echo "" >> doc/policy.xml; cat doc/tmp/$i.xml >> doc/policy.xml; echo "" >> doc/policy.xml; done cat doc/global_tunables.xml doc/global_booleans.xml >> doc/policy.xml echo '' >> doc/policy.xml if test -x /usr/bin/xmllint && test -f doc/policy.dtd; then \ /usr/bin/xmllint --noout --path doc/ --dtdvalid doc/policy.dtd doc/policy.xml ;\ else \ echo "doc/policy.xml XML validation not run. Please install the xmllint tool." ;\ fi Updating policy/booleans.conf and policy/modules.conf /tmp/instance-0/output-1/host/usr/bin/python3 support/sedoctool.py -b policy/booleans.conf -m policy/modules.conf -x doc/policy.xml make[1]: Leaving directory '/tmp/instance-0/output-1/build/refpolicy-2.20210908' /usr/bin/sed -i -e "s/ = module/ = no/g" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^apache =/c\apache = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^apcupsd =/c\apcupsd = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^application =/c\application = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^authlogin =/c\authlogin = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^brctl =/c\brctl = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^collectd =/c\collectd = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^dbus =/c\dbus = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^dovecot =/c\dovecot = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^getty =/c\getty = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^git =/c\git = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^gpm =/c\gpm = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^init =/c\init = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^kismet =/c\kismet = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^ldap =/c\ldap = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^libraries =/c\libraries = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^locallogin =/c\locallogin = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^logging =/c\logging = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^memcached =/c\memcached = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^minissdpd =/c\minissdpd = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^miscfiles =/c\miscfiles = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^modutils =/c\modutils = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^mount =/c\mount = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^mysql =/c\mysql = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^nut =/c\nut = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^pcscd =/c\pcscd = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^postgresql =/c\postgresql = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^rpcbind =/c\rpcbind = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^selinuxutil =/c\selinuxutil = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^smartmon =/c\smartmon = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^snmp =/c\snmp = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^storage =/c\storage = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^sysadm =/c\sysadm = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^sysnetwork =/c\sysnetwork = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^tpm2 =/c\tpm2 = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^unconfined =/c\unconfined = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^userdomain =/c\userdomain = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf /usr/bin/sed -i -e "/^wireguard =/c\wireguard = base" /tmp/instance-0/output-1/build/refpolicy-2.20210908/policy/modules.conf >>> refpolicy 2.20210908 Building PYTHON=/tmp/instance-0/output-1/host/usr/bin/python3 TEST_TOOLCHAIN=/tmp/instance-0/output-1/host PATH="/tmp/instance-0/output-1/host/bin:/tmp/instance-0/output-1/host/sbin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin" /usr/bin/make -j1 -C /tmp/instance-0/output-1/build/refpolicy-2.20210908 policy make[1]: Entering directory '/tmp/instance-0/output-1/build/refpolicy-2.20210908' m4 -E -E -D enable_ubac=true -D mls_num_sens=16 -D mls_num_cats=1024 -D mcs_num_cats=1024 -D hide_broken_symptoms=true -D self_contained_policy policy/flask/security_classes policy/flask/initial_sids policy/flask/access_vectors support/divert.m4 policy/support/file_patterns.spt policy/support/ipc_patterns.spt policy/support/obj_perm_sets.spt policy/support/misc_patterns.spt policy/support/misc_macros.spt policy/support/mls_mcs_macros.spt policy/support/loadable_module.spt support/undivert.m4 policy/context_defaults policy/mls policy/mcs policy/policy_capabilities > tmp/pre_te_files.conf /tmp/instance-0/output-1/host/usr/bin/python3 support/genclassperms.py policy/flask/access_vectors policy/flask/security_classes >> tmp/generated_definitions.conf test -f policy/booleans.conf && gawk -f support/set_bools_tuns.awk policy/booleans.conf >> tmp/generated_definitions.conf || true m4 -E -E support/divert.m4 policy/support/file_patterns.spt policy/support/ipc_patterns.spt policy/support/obj_perm_sets.spt policy/support/misc_patterns.spt policy/support/misc_macros.spt policy/support/mls_mcs_macros.spt policy/support/loadable_module.spt support/undivert.m4 policy/modules/services/apache.if policy/modules/services/apcupsd.if policy/modules/system/application.if policy/modules/system/authlogin.if policy/modules/admin/brctl.if policy/modules/services/collectd.if policy/modules/kernel/corecommands.if policy/modules/kernel/corenetwork.if policy/modules/services/dbus.if policy/modules/kernel/devices.if policy/modules/kernel/domain.if policy/modules/services/dovecot.if policy/modules/kernel/files.if policy/modules/kernel/filesystem.if policy/modules/system/getty.if policy/modules/services/git.if policy/modules/services/gpm.if policy/modules/system/init.if policy/modules/kernel/kernel.if policy/modules/admin/kismet.if policy/modules/services/ldap.if policy/modules/system/libraries.if policy/modules/system/locallogin.if policy/modules/system/logging.if policy/modules/kernel/mcs.if policy/modules/services/memcached.if policy/modules/services/minissdpd.if policy/modules/system/miscfiles.if policy/modules/kernel/mls.if policy/modules/system/modutils.if policy/modules/system/mount.if policy/modules/services/mysql.if policy/modules/services/nut.if policy/modules/services/pcscd.if policy/modules/services/postgresql.if policy/modules/services/rpcbind.if policy/modules/kernel/selinux.if policy/modules/system/selinuxutil.if policy/modules/services/smartmon.if policy/modules/services/snmp.if policy/modules/kernel/storage.if policy/modules/roles/sysadm.if policy/modules/system/sysnetwork.if policy/modules/kernel/terminal.if policy/modules/services/tpm2.if policy/modules/kernel/ubac.if policy/modules/system/unconfined.if policy/modules/system/userdomain.if policy/modules/services/wireguard.if policy/modules/admin/acct.if policy/modules/admin/aide.if policy/modules/admin/alsa.if policy/modules/admin/amanda.if policy/modules/admin/amtu.if policy/modules/admin/anaconda.if policy/modules/admin/apt.if policy/modules/admin/backup.if policy/modules/admin/bacula.if policy/modules/admin/blueman.if policy/modules/admin/bootloader.if policy/modules/admin/certwatch.if policy/modules/admin/cfengine.if policy/modules/admin/chkrootkit.if policy/modules/admin/consoletype.if policy/modules/admin/dmesg.if policy/modules/admin/dmidecode.if policy/modules/admin/dphysswapfile.if policy/modules/admin/dpkg.if policy/modules/admin/fakehwclock.if policy/modules/admin/firstboot.if policy/modules/admin/hwloc.if policy/modules/admin/kdump.if policy/modules/admin/logrotate.if policy/modules/admin/logwatch.if policy/modules/admin/mcelog.if policy/modules/admin/mrtg.if policy/modules/admin/ncftool.if policy/modules/admin/netutils.if policy/modules/admin/passenger.if policy/modules/admin/portage.if policy/modules/admin/prelink.if policy/modules/admin/puppet.if policy/modules/admin/quota.if policy/modules/admin/rkhunter.if policy/modules/admin/rpm.if policy/modules/admin/samhain.if policy/modules/admin/sblim.if policy/modules/admin/shorewall.if policy/modules/admin/shutdown.if policy/modules/admin/sosreport.if policy/modules/admin/su.if policy/modules/admin/sudo.if policy/modules/admin/sxid.if policy/modules/admin/tboot.if policy/modules/admin/tmpreaper.if policy/modules/admin/tripwire.if policy/modules/admin/tzdata.if policy/modules/admin/updfstab.if policy/modules/admin/usbguard.if policy/modules/admin/usbmodules.if policy/modules/admin/usermanage.if policy/modules/admin/vbetool.if policy/modules/admin/vpn.if policy/modules/apps/awstats.if policy/modules/apps/calamaris.if policy/modules/apps/cdrecord.if policy/modules/apps/chromium.if policy/modules/apps/cpufreqselector.if policy/modules/apps/cryfs.if policy/modules/apps/evolution.if policy/modules/apps/games.if policy/modules/apps/gitosis.if policy/modules/apps/gnome.if policy/modules/apps/gpg.if policy/modules/apps/irc.if policy/modules/apps/java.if policy/modules/apps/libmtp.if policy/modules/apps/lightsquid.if policy/modules/apps/livecd.if policy/modules/apps/loadkeys.if policy/modules/apps/man2html.if policy/modules/apps/mandb.if policy/modules/apps/mono.if policy/modules/apps/mozilla.if policy/modules/apps/mplayer.if policy/modules/apps/openoffice.if policy/modules/apps/pulseaudio.if policy/modules/apps/qemu.if policy/modules/apps/rssh.if policy/modules/apps/screen.if policy/modules/apps/seunshare.if policy/modules/apps/sigrok.if policy/modules/apps/slocate.if policy/modules/apps/syncthing.if policy/modules/apps/telepathy.if policy/modules/apps/thunderbird.if policy/modules/apps/tvtime.if policy/modules/apps/uml.if policy/modules/apps/userhelper.if policy/modules/apps/usernetctl.if policy/modules/apps/vlock.if policy/modules/apps/vmware.if policy/modules/apps/webalizer.if policy/modules/apps/wine.if policy/modules/apps/wireshark.if policy/modules/apps/wm.if policy/modules/apps/xscreensaver.if policy/modules/roles/auditadm.if policy/modules/roles/dbadm.if policy/modules/roles/guest.if policy/modules/roles/logadm.if policy/modules/roles/secadm.if policy/modules/roles/staff.if policy/modules/roles/unprivuser.if policy/modules/roles/webadm.if policy/modules/roles/xguest.if policy/modules/services/abrt.if policy/modules/services/accountsd.if policy/modules/services/acpi.if policy/modules/services/afs.if policy/modules/services/aisexec.if policy/modules/services/amavis.if policy/modules/services/aptcacher.if policy/modules/services/arpwatch.if policy/modules/services/asterisk.if policy/modules/services/automount.if policy/modules/services/avahi.if policy/modules/services/bind.if policy/modules/services/bird.if policy/modules/services/bitlbee.if policy/modules/services/bluetooth.if policy/modules/services/boinc.if policy/modules/services/bugzilla.if policy/modules/services/cachefilesd.if policy/modules/services/canna.if policy/modules/services/certbot.if policy/modules/services/certmaster.if policy/modules/services/certmonger.if policy/modules/services/cgmanager.if policy/modules/services/cgroup.if policy/modules/services/chronyd.if policy/modules/services/clamav.if policy/modules/services/cobbler.if policy/modules/services/colord.if policy/modules/services/comsat.if policy/modules/services/condor.if policy/modules/services/consolesetup.if policy/modules/services/corosync.if policy/modules/services/couchdb.if policy/modules/services/courier.if policy/modules/services/cpucontrol.if policy/modules/services/cron.if policy/modules/services/ctdb.if policy/modules/services/cups.if policy/modules/services/cvs.if policy/modules/services/cyphesis.if policy/modules/services/cyrus.if policy/modules/services/dante.if policy/modules/services/dbskk.if policy/modules/services/ddclient.if policy/modules/services/devicekit.if policy/modules/services/dhcp.if policy/modules/services/dictd.if policy/modules/services/dirmngr.if policy/modules/services/distcc.if policy/modules/services/djbdns.if policy/modules/services/dkim.if policy/modules/services/dnsmasq.if policy/modules/services/drbd.if policy/modules/services/entropyd.if policy/modules/services/exim.if policy/modules/services/fail2ban.if policy/modules/services/fcoe.if policy/modules/services/fetchmail.if policy/modules/services/finger.if policy/modules/services/firewalld.if policy/modules/services/fprintd.if policy/modules/services/ftp.if policy/modules/services/gatekeeper.if policy/modules/services/gdomap.if policy/modules/services/geoclue.if policy/modules/services/glance.if policy/modules/services/glusterfs.if policy/modules/services/gnomeclock.if policy/modules/services/gpsd.if policy/modules/services/gssproxy.if policy/modules/services/hadoop.if policy/modules/services/hddtemp.if policy/modules/services/hostapd.if policy/modules/services/hypervkvp.if policy/modules/services/i18n_input.if policy/modules/services/icecast.if policy/modules/services/ifplugd.if policy/modules/services/inetd.if policy/modules/services/inn.if policy/modules/services/iodine.if policy/modules/services/ircd.if policy/modules/services/irqbalance.if policy/modules/services/isns.if policy/modules/services/jabber.if policy/modules/services/kerberos.if policy/modules/services/kerneloops.if policy/modules/services/keystone.if policy/modules/services/knot.if policy/modules/services/ksmtuned.if policy/modules/services/l2tp.if policy/modules/services/likewise.if policy/modules/services/lircd.if policy/modules/services/lldpad.if policy/modules/services/lpd.if policy/modules/services/lsm.if policy/modules/services/mailman.if policy/modules/services/mediawiki.if policy/modules/services/memlockd.if policy/modules/services/milter.if policy/modules/services/minidlna.if policy/modules/services/modemmanager.if policy/modules/services/mojomojo.if policy/modules/services/mon.if policy/modules/services/mongodb.if policy/modules/services/monit.if policy/modules/services/monop.if policy/modules/services/mpd.if policy/modules/services/mta.if policy/modules/services/munin.if policy/modules/services/nagios.if policy/modules/services/nessus.if policy/modules/services/networkmanager.if policy/modules/services/nis.if policy/modules/services/nscd.if policy/modules/services/nsd.if policy/modules/services/nslcd.if policy/modules/services/ntop.if policy/modules/services/ntp.if policy/modules/services/numad.if policy/modules/services/nx.if policy/modules/services/obex.if policy/modules/services/oddjob.if policy/modules/services/oident.if policy/modules/services/openca.if policy/modules/services/openct.if policy/modules/services/openhpi.if policy/modules/services/openvpn.if policy/modules/services/openvswitch.if policy/modules/services/pacemaker.if policy/modules/services/pads.if policy/modules/services/pegasus.if policy/modules/services/perdition.if policy/modules/services/pingd.if policy/modules/services/pkcs.if policy/modules/services/plymouthd.if policy/modules/services/policykit.if policy/modules/services/portmap.if policy/modules/services/portreserve.if policy/modules/services/portslave.if policy/modules/services/postfix.if policy/modules/services/postfixpolicyd.if policy/modules/services/postgrey.if policy/modules/services/ppp.if policy/modules/services/prelude.if policy/modules/services/privoxy.if policy/modules/services/procmail.if policy/modules/services/psad.if policy/modules/services/publicfile.if policy/modules/services/pwauth.if policy/modules/services/pxe.if policy/modules/services/pyzor.if policy/modules/services/qmail.if policy/modules/services/qpid.if policy/modules/services/quantum.if policy/modules/services/rabbitmq.if policy/modules/services/radius.if policy/modules/services/radvd.if policy/modules/services/razor.if policy/modules/services/rdisc.if policy/modules/services/realmd.if policy/modules/services/redis.if policy/modules/services/remotelogin.if policy/modules/services/resmgr.if policy/modules/services/rhsmcertd.if policy/modules/services/rlogin.if policy/modules/services/rngd.if policy/modules/services/rpc.if policy/modules/services/rshd.if policy/modules/services/rsync.if policy/modules/services/rtkit.if policy/modules/services/rwho.if policy/modules/services/samba.if policy/modules/services/sanlock.if policy/modules/services/sasl.if policy/modules/services/sendmail.if policy/modules/services/sensord.if policy/modules/services/setroubleshoot.if policy/modules/services/shibboleth.if policy/modules/services/slpd.if policy/modules/services/slrnpull.if policy/modules/services/smokeping.if policy/modules/services/smstools.if policy/modules/services/snort.if policy/modules/services/soundserver.if policy/modules/services/spamassassin.if policy/modules/services/squid.if policy/modules/services/ssh.if policy/modules/services/sssd.if policy/modules/services/stubby.if policy/modules/services/stunnel.if policy/modules/services/svnserve.if policy/modules/services/sysstat.if policy/modules/services/systemtap.if policy/modules/services/tcpd.if policy/modules/services/tcsd.if policy/modules/services/telnet.if policy/modules/services/tftp.if policy/modules/services/tgtd.if policy/modules/services/timidity.if policy/modules/services/tor.if policy/modules/services/transproxy.if policy/modules/services/tuned.if policy/modules/services/ucspitcp.if policy/modules/services/ulogd.if policy/modules/services/uptime.if policy/modules/services/usbmuxd.if policy/modules/services/uucp.if policy/modules/services/uuidd.if policy/modules/services/uwimap.if policy/modules/services/varnishd.if policy/modules/services/vdagent.if policy/modules/services/vhostmd.if policy/modules/services/virt.if policy/modules/services/vnstatd.if policy/modules/services/watchdog.if policy/modules/services/wdmd.if policy/modules/services/xfs.if policy/modules/services/xserver.if policy/modules/services/zabbix.if policy/modules/services/zarafa.if policy/modules/services/zebra.if policy/modules/services/zosremote.if policy/modules/system/clock.if policy/modules/system/daemontools.if policy/modules/system/fstools.if policy/modules/system/hostname.if policy/modules/system/ipsec.if policy/modules/system/iptables.if policy/modules/system/iscsi.if policy/modules/system/lvm.if policy/modules/system/netlabel.if policy/modules/system/raid.if policy/modules/system/setrans.if policy/modules/system/systemd.if policy/modules/system/udev.if policy/modules/system/xdg.if policy/modules/system/xen.if support/iferror.m4 > tmp/all_interfaces.conf.tmp sed -e s/dollarsstar/\$\*/g tmp/all_interfaces.conf.tmp >> tmp/all_interfaces.conf m4 -E -E -D enable_ubac=true -D mls_num_sens=16 -D mls_num_cats=1024 -D mcs_num_cats=1024 -D hide_broken_symptoms=true -D self_contained_policy -s support/divert.m4 policy/support/file_patterns.spt policy/support/ipc_patterns.spt policy/support/obj_perm_sets.spt policy/support/misc_patterns.spt policy/support/misc_macros.spt policy/support/mls_mcs_macros.spt policy/support/loadable_module.spt support/undivert.m4 tmp/generated_definitions.conf tmp/all_interfaces.conf policy/modules/services/apache.te policy/modules/services/apcupsd.te policy/modules/system/application.te policy/modules/system/authlogin.te policy/modules/admin/brctl.te policy/modules/services/collectd.te policy/modules/kernel/corecommands.te policy/modules/kernel/corenetwork.te policy/modules/services/dbus.te policy/modules/kernel/devices.te policy/modules/kernel/domain.te policy/modules/services/dovecot.te policy/modules/kernel/files.te policy/modules/kernel/filesystem.te policy/modules/system/getty.te policy/modules/services/git.te policy/modules/services/gpm.te policy/modules/system/init.te policy/modules/kernel/kernel.te policy/modules/admin/kismet.te policy/modules/services/ldap.te policy/modules/system/libraries.te policy/modules/system/locallogin.te policy/modules/system/logging.te policy/modules/kernel/mcs.te policy/modules/services/memcached.te policy/modules/services/minissdpd.te policy/modules/system/miscfiles.te policy/modules/kernel/mls.te policy/modules/system/modutils.te policy/modules/system/mount.te policy/modules/services/mysql.te policy/modules/services/nut.te policy/modules/services/pcscd.te policy/modules/services/postgresql.te policy/modules/services/rpcbind.te policy/modules/kernel/selinux.te policy/modules/system/selinuxutil.te policy/modules/services/smartmon.te policy/modules/services/snmp.te policy/modules/kernel/storage.te policy/modules/roles/sysadm.te policy/modules/system/sysnetwork.te policy/modules/kernel/terminal.te policy/modules/services/tpm2.te policy/modules/kernel/ubac.te policy/modules/system/unconfined.te policy/modules/system/userdomain.te policy/modules/services/wireguard.te support/fatal_error.m4 > tmp/all_te_files.conf sed -r -f support/get_type_attr_decl.sed tmp/all_te_files.conf | LC_ALL=C sort > tmp/all_attrs_types.conf m4 -E -E -D enable_ubac=true -D mls_num_sens=16 -D mls_num_cats=1024 -D mcs_num_cats=1024 -D hide_broken_symptoms=true -D self_contained_policy support/divert.m4 policy/support/file_patterns.spt policy/support/ipc_patterns.spt policy/support/obj_perm_sets.spt policy/support/misc_patterns.spt policy/support/misc_macros.spt policy/support/mls_mcs_macros.spt policy/support/loadable_module.spt support/undivert.m4 tmp/generated_definitions.conf policy/global_booleans policy/global_tunables > tmp/global_bools.conf sed -r -f support/comment_move_decl.sed tmp/all_te_files.conf > tmp/only_te_rules.conf egrep '^[[:blank:]]*user ' tmp/all_te_files.conf > tmp/post_te_files.conf || true m4 -E -E -D enable_ubac=true -D mls_num_sens=16 -D mls_num_cats=1024 -D mcs_num_cats=1024 -D hide_broken_symptoms=true -D self_contained_policy support/divert.m4 policy/support/file_patterns.spt policy/support/ipc_patterns.spt policy/support/obj_perm_sets.spt policy/support/misc_patterns.spt policy/support/misc_macros.spt policy/support/mls_mcs_macros.spt policy/support/loadable_module.spt support/undivert.m4 tmp/generated_definitions.conf policy/users policy/constraints >> tmp/post_te_files.conf cat tmp/post_te_files.conf > tmp/all_post.conf egrep '^[[:blank:]]*sid ' tmp/all_te_files.conf >> tmp/all_post.conf || true egrep '^[[:blank:]]*fs_use_(xattr|task|trans)' tmp/all_te_files.conf >> tmp/all_post.conf || true egrep '^[[:blank:]]*genfscon' tmp/all_te_files.conf >> tmp/all_post.conf || true egrep '^[[:blank:]]*portcon' tmp/all_te_files.conf >> tmp/all_post.conf || true egrep '^[[:blank:]]*netifcon' tmp/all_te_files.conf >> tmp/all_post.conf || true egrep '^[[:blank:]]*nodecon' tmp/all_te_files.conf >> tmp/all_post.conf || true egrep '^[[:blank:]]*ibpkeycon' tmp/all_te_files.conf >> tmp/all_post.conf || true egrep '^[[:blank:]]*ibendportcon' tmp/all_te_files.conf >> tmp/all_post.conf || true Creating targeted policy.conf cat tmp/pre_te_files.conf tmp/all_attrs_types.conf tmp/global_bools.conf tmp/only_te_rules.conf tmp/all_post.conf > policy.conf Compiling targeted policy.33 env LD_LIBRARY_PATH="/tmp/instance-0/output-1/host/lib:/tmp/instance-0/output-1/host/usr/lib" /tmp/instance-0/output-1/host/usr/bin/checkpolicy -c 33 -U deny -S -O -E policy.conf -o policy.33 policy/modules/services/wireguard.te:66:ERROR 'type iptables_exec_t is not within scope' at token ';' on line 591892: #line 66 allow wireguard_t iptables_exec_t:file { getattr open map read execute ioctl }; checkpolicy: error(s) encountered while parsing configuration make[1]: *** [Rules.monolithic:79: policy.33] Error 1 make[1]: Leaving directory '/tmp/instance-0/output-1/build/refpolicy-2.20210908' make: *** [package/pkg-generic.mk:294: /tmp/instance-0/output-1/build/refpolicy-2.20210908/.stamp_built] Error 2 make: Leaving directory '/tmp/instance-0/buildroot'