Hello,
I am trying to create a custom policy, but with no succes :
$ cat <<EOF> foo.te
module local 1.0;
require {
type httpd_sys_script_exec_t;
type httpd_sys_script_t;
class lnk_file read;
}
#============= httpd_sys_script_t ==============
allow httpd_sys_script_t httpd_sys_script_exec_t:lnk_file read;
EOF
$ checkmodule -M -m -o foo.mod foo.te
checkmodule: loading policy configuration from foo.te
checkmodule: policy configuration loaded
checkmodule: writing binary representation (version 6) to foo.mod
$ semodule_package -o foo.pp -m foo.mod
$ echo $?
0
# So far, so good. But :
$ checkmodule -b foo.pp
checkmodule: loading policy configuration from foo.pp
libsepol.policydb_read: policydb magic number 0xf97cff8f does not match
expected magic number 0xf97cff8c or 0xf97cff8d
checkmodule: error(s) encountered while parsing configuration
# And trying to "semodule -i foo.pp" fails completely.
So here come my questions :
- is there a boolean to allow httpd to execute a script "symlinked" ?
(scontext=system_u:system_r:httpd_sys_script_t:s0
tcontext=system_u:object_r:httpd_sys_script_exec_t:s0 tclass=lnk_file)
- can someone reproduce the error described above ?
- any clue on how to fix it ?
(For the curious one : I am fighting svn hooks on a filesystem
mounted "-o noexec".)
Additional infos :
$ rpm -qa 'kernel*' '*selinux*'
kernel-2.6.18-194.26.1.el5
kernel-2.6.18-194.32.1.el5
kernel-devel-2.6.18-194.26.1.el5
kernel-devel-2.6.18-194.32.1.el5
kernel-headers-2.6.18-194.32.1.el5
libselinux-1.33.4-5.5.el5
libselinux-devel-1.33.4-5.5.el5
libselinux-python-1.33.4-5.5.el5
libselinux-utils-1.33.4-5.5.el5
selinux-policy-2.4.6-279.el5_5.2
selinux-policy-devel-2.4.6-279.el5_5.2
selinux-policy-targeted-2.4.6-279.el5_5.2
$ uname -a
Linux despina 2.6.18-194.26.1.el5 #1 SMP Tue Nov 9 12:54:20 EST 2010
x86_64 x86_64 x86_64 GNU/Linux
Thanks,
--
Philippe
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
