Re: SELinux Module Packaging in FC5

Joshua Brindle wrote:
From: Paul Howarth [mailto:paul@xxxxxxxxxxxx]
<snip>

Back to the point, my email a few times back suggested putting a line with just ; where the rules would be in order to get a module without rules, have you tried that?
Is this with or without the requires clause?

With the requires clause, the semicolon doesn't seem to make any difference.

Ok, now I'm not sure what is going on. I built a policy with no rules
and it linked in fine. (no ; was required either).. The policy_module
statement always brings in a ton of requires (object classes mainly) so
you'll always have requires whether you add them explicitly or not.

What problem are you running into with this?

It's as described in the thread around here:
http://www.redhat.com/archives/fedora-selinux-list/2006-May/msg00104.html

The gist of it is that I had a policy module package built on one machine and couldn't load it on another machine with an older version of selinux-policy:

libsepol.class_copy_callback: contagged: Modules may not yet declare new classes.
libsemanage.semanage_link_sandbox: Link packages failed
/usr/sbin/semodule:  Failed!

The responses I got suggested that the absence of a policy module from the policy module package (just file contexts, no rules) was at least partly responsible for the issue.

The workaround I'm using at the moment is for my RPM packages to have an RPM "conflict" with selinux-policy versions older than the one my package is built against.

Paul.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list