Failed to load haproxy module - selinux on centos7


#1

Trying to build and load the haproxy module for SELinux on CentOS 7, and facing an issue with make.
Version info: using haproxy-1.7.0, CentOS 7 (Linux localhost.localdomain 3.10.0-514.21.1.el7.x86_64)

[vagrant@localhost selinux]$ make -f /usr/share/selinux/devel/Makefile
Compiling targeted haproxy module
/usr/bin/checkmodule: loading policy configuration from tmp/haproxy.tmp
haproxy.te:46:ERROR ‘syntax error’ at token ‘corenet_tcp_recvfrom_unlabeled’ on line 3860:
corenet_tcp_recvfrom_unlabeled(haproxy_t)

/usr/bin/checkmodule: error(s) encountered while parsing configuration
make: *** [tmp/haproxy.mod] Error 1


So I went ahead and commented out “corenet_tcp_recvfrom_unlabeled” in haproxy.te and then ran make, and it works. However, when I try to load the module, it fails to load.

[vagrant@localhost selinux]$ sudo semodule -i haproxy.pp
Re-declaration of type haproxy_t
Failed to create node
Bad type declaration at /etc/selinux/targeted/tmp/modules/100/rhcs/cil:123
semodule: Failed!
[vagrant@localhost selinux]$

Any suggestions?


#2

Ah, you are talking about what is in contrib/selinux.

This is a contribution from a haproxy user from 9 years ago and hasn’t been touched since. I’m not able to give you any hints here, but maybe you will have more luck on the mailing list or by contacting the author (whom you can find in contrib/selinux/README).


#3

My bad, typo. I’m trying to load the haproxy policy as an SELinux module on CentOS 7…
wget -O ~/haproxy.tgz http://www.haproxy.org/download/1.7/src/haproxy-1.7.0.tar.gz
untar in home directory
cd ~/haproxy-1.7.0/contrib/selinux

The README file in that directory provides more info.

I'm sort of trying to use an existing predefined policy that the haproxy source provides under the contrib directory.

Additional info: I was able to build the haproxy policy from the same src/contrib and install it as an SELinux module on Ubuntu v16.04.03 (4.4.0-109-generic) without any issue. I need to make it work on a CentOS 7 instance.
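
The following is an added example, not part of any post in this thread: a small shell parser for the `semodule -i` failure quoted in post #1, which pulls out the re-declared type and the module named in the "Bad type declaration at" path. The function names are hypothetical, and reading that path as `modules/<priority>/<module>/cil:<line>` is an assumption based on the SELinux module store layout.

```shell
#!/bin/sh
# Added example: interpret a "Re-declaration of type" failure from `semodule -i`.
# Assumption: the reported path ends in modules/<priority>/<module>/cil:<line>.

# Constructed sample: the error text quoted in post #1, one message per line.
SAMPLE_ERR='Re-declaration of type haproxy_t
Failed to create node
Bad type declaration at /etc/selinux/targeted/tmp/modules/100/rhcs/cil:123
semodule: Failed!'

# Read semodule error text on stdin and print
#   type=<t> module=<m> priority=<p> line=<n>
# Exit status 1 if the text is not a type re-declaration failure.
semodule_conflict() {
    awk '
        /^Re-declaration of type / { type = $NF }
        /^Bad type declaration at / {
            n = split($NF, part, "/")
            if (n >= 4 && part[n-3] == "modules" && part[n] ~ /^cil:[0-9]+$/) {
                prio = part[n-2]
                mod  = part[n-1]
                line = substr(part[n], 5)    # drop the "cil:" prefix
            }
        }
        END {
            if (type == "" || mod == "") exit 1
            printf "type=%s module=%s priority=%s line=%s\n", type, mod, prio, line
        }'
}

# Turn the parsed fields into a one-line diagnosis plus a read-only check.
explain_conflict() {
    if info=$(semodule_conflict); then
        mod=${info#*module=}; mod=${mod%% *}
        typ=${info#type=};    typ=${typ%% *}
        echo "type $typ is also declared in module '$mod'"
        echo "check that it is installed: semodule -l | grep -w $mod"
    else
        echo "no type re-declaration found in this output"
        return 1
    fi
}

printf '%s\n' "$SAMPLE_ERR" | explain_conflict
```

On the sample text this reports that `haproxy_t` is also declared in the `rhcs` module at priority 100, meaning two modules are both trying to declare the same type.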