On Wed, 01 Feb 2006 14:39:37 EST, Stephen Smalley said:

> Looks like the .spec file needs to install all of the modules as a
> single transaction to deal with mutually dependent modules. Or, it
> could install them layer-by-layer. Unfortunately, current semodule
> usage requires you to generate the list of all the modules, then prefix
> them all with -i options, then pass that entire string as the
> commandline to semodule. Something like:
> # Location where modules are installed from policy package
> cd /usr/share/selinux/strict
> # Generate semodule command line with all non-base modules
> ls *.pp | sed -e "/base.pp/d" -e "/enableaudit.pp/d" -e "i-i " | tr "\n " " " > out
> # Run semodule
> semodule -v `cat out`

I did this after yum updated me to selinux-policy-strict-2.2.9-1 this morning,
and things are much less broken now. Now we have:

Attempting to install module 'acct.pp':
Ok: return value of 0.
Attempting to install module 'alsa.pp':
Ok: return value of 0.
Attempting to install module 'amanda.pp':
Ok: return value of 0.
...
Attempting to install module 'xserver.pp':
Ok: return value of 0.
Attempting to install module 'zebra.pp':
Ok: return value of 0.
Committing changes:
libsepol.check_assertion_helper: assertion on line 0 violated by allow pam_console_t scsi_generic_device_t:chr_file { setattr };
libsepol.check_assertion_helper: assertion on line 0 violated by allow initrc_t scsi_generic_device_t:chr_file { setattr };
libsepol.check_assertion_helper: assertion on line 0 violated by allow restorecon_t scsi_generic_device_t:chr_file { relabelto };
libsepol.check_assertion_helper: assertion on line 0 violated by allow setfiles_t scsi_generic_device_t:chr_file { relabelto };
libsepol.check_assertion_helper: assertion on line 0 violated by allow restorecon_t lvm_vg_t:chr_file { relabelto };
libsepol.check_assertion_helper: assertion on line 0 violated by allow setfiles_t lvm_vg_t:chr_file { relabelto };
libsepol.check_assertion_helper: assertion on line 0 violated by allow pam_console_t fixed_disk_device_t:blk_file { setattr };
libsepol.check_assertion_helper: assertion on line 0 violated by allow hotplug_t fixed_disk_device_t:blk_file { setattr };
libsepol.check_assertion_helper: assertion on line 0 violated by allow restorecon_t fixed_disk_device_t:chr_file { relabelto };
libsepol.check_assertion_helper: assertion on line 0 violated by allow setfiles_t fixed_disk_device_t:chr_file { relabelto };
libsepol.check_assertion_helper: assertion on line 0 violated by allow initrc_t shadow_t:file { getattr };
libsepol.check_assertion_helper: assertion on line 0 violated by allow locate_t shadow_t:file { getattr };
libsepol.check_assertion_helper: assertion on line 0 violated by allow sysadm_t shadow_t:file { getattr };
libsepol.check_assertion_helper: assertion on line 0 violated by allow prelink_t shadow_t:file { getattr };
libsepol.check_assertion_helper: assertion on line 0 violated by allow nscd_t shadow_t:file { getattr };
libsepol.check_assertion_helper: assertion on line 0 violated by allow system_crond_t shadow_t:file { getattr };
libsepol.check_assertion_helper: assertion on line 0 violated by allow restorecon_t shadow_t:file { getattr relabelto };
libsepol.check_assertion_helper: assertion on line 0 violated by allow setfiles_t shadow_t:file { getattr relabelto };
libsepol.check_assertions: 18 assertion violations occured
libsemanage.semanage_expand_sandbox: Expand module failed
semodule: Failed!

18 assertions. This looks fixable....
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
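A triage helper for the libsepol assertion output quoted in the message above, added here as an example and not part of the original post or of any SELinux tool. It groups the violating allow rules by target type and class so it is clear which source domains need attention; the function names are hypothetical, and the sample is an excerpt copied from the message with one line deliberately wrapped.

```python
import re
from collections import defaultdict

# Excerpt of the semodule output from the message above. The fourth rule is
# wrapped across two lines on purpose, as mail archives often do.
SAMPLE = """\
libsepol.check_assertion_helper: assertion on line 0 violated by allow pam_console_t scsi_generic_device_t:chr_file { setattr };
libsepol.check_assertion_helper: assertion on line 0 violated by allow initrc_t scsi_generic_device_t:chr_file { setattr };
libsepol.check_assertion_helper: assertion on line 0 violated by allow initrc_t shadow_t:file { getattr };
libsepol.check_assertion_helper: assertion on line 0 violated by allow restorecon_t
shadow_t:file { getattr relabelto };
libsepol.check_assertions: 18 assertion violations occured
"""

# \s+ between tokens tolerates rules that were wrapped in transit.
VIOLATION = re.compile(
    r"assertion\s+on\s+line\s+\d+\s+violated\s+by\s+allow\s+"
    r"(?P<source>\S+)\s+(?P<target>[^\s:]+):(?P<tclass>\S+)\s*"
    r"\{\s*(?P<perms>[^}]*)\}"
)
REPORTED = re.compile(r"check_assertions:\s+(\d+)\s+assertion\s+violations")


def parse_violations(text):
    """Return (rules, reported_count); reported_count is None if absent."""
    rules = [
        (m["source"], m["target"], m["tclass"], tuple(m["perms"].split()))
        for m in VIOLATION.finditer(text)
    ]
    total = REPORTED.search(text)
    return rules, int(total.group(1)) if total else None


def group_by_target(rules):
    """Map (target_type, class) -> {permission: sorted source domains}."""
    grouped = defaultdict(lambda: defaultdict(set))
    for source, target, tclass, perms in rules:
        for perm in perms:
            grouped[(target, tclass)][perm].add(source)
    return {k: {p: sorted(s) for p, s in v.items()} for k, v in grouped.items()}


if __name__ == "__main__":
    rules, reported = parse_violations(SAMPLE)
    if reported is not None and reported != len(rules):
        print(f"parsed {len(rules)} of {reported} reported violations (excerpt or truncated log)")
    for (target, tclass), perms in sorted(group_by_target(rules).items()):
        for perm, sources in sorted(perms.items()):
            print(f"{target}:{tclass} {perm} <- {', '.join(sources)}")
```
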