On Mon, 2006-09-11 at 19:08 +0800, Benjamin Tsai wrote:
> I’ve downloaded refpolicy source from tresys’s website and
> tried to install it on my FC5 box.
>
> However, there’re some problems I’m not able to fix it so
> far. According to online documents, I first setenforce 0.
>
> In build.conf I enabled DISTRO=redhat, then make
> install-src under /etc/selinux/refpolicy
>
> make conf; make policy; make install; make load
> under /etc/selinux/refpolicy/src/policy
>
> 1. While executing make load, it replied that policy file
> argument policy.20 is no longer supported, The next line showed
> “continue…”
>
> I was so confused here that it looked like refpolicy is not loaded
> yet. So how do I feed it a “supported policy file”?

It was not loaded because the load_policy in FC5 looks at your
/etc/selinux/config to determine what policy to load. It does not use
the command line parameter, which is what the message is saying. The
refpolicy makefile provides this parameter for compatibility for older
SELinux machines. What happened is that you loaded the policy configured
in /etc/selinux/config. Second, you are using a monolithic policy build
configuration, which is not supported in FC5.

> 2. Besides, is there any way I can check if the policy is
> loaded? My guess is sestatus.

Yes. The "policy from config file" is the policy that was loaded.

> 3. If I neglected the “loading-policy-thing” and make relabel
> directly, then I’ll got
>

You were relabeling using the file contexts from your custom refpolicy,
but the FC5 policy was loaded, and it turns out that the configurations
differ; therefore, there are invalid contexts.
>
> Relabeling filesystem types: ext2 ext3 xfs jfs
>
> /usr/sbin/setfiles /etc/selinux/refpolicy/contexts/files/file_contexts / /boot
>
> /etc/selinux/refpolicy/contexts/files/file_contexts: line 79 has
> invalid context system_u:object_r:quota_db_t
>
> /etc/selinux/refpolicy/contexts/files/file_contexts: line 121 has
> invalid context system_u:object_r:svc_svc_t
>
> /etc/selinux/refpolicy/contexts/files/file_contexts: line 139 has
> invalid context system_u:object_r:ipsec_exec_t
>
> /etc/selinux/refpolicy/contexts/files/file_contexts: line 147 has
> invalid context system_u:object_r:ipsec_exec_t
>
> /etc/selinux/refpolicy/contexts/files/file_contexts: line 153 has
> invalid context system_u:object_r:ipsec_exec_t
>
> /etc/selinux/refpolicy/contexts/files/file_contexts: line 189 has
> invalid context system_u:object_r:ipsec_mgmt_exec_t
>
> /etc/selinux/refpolicy/contexts/files/file_contexts: line 213 has
> invalid context system_u:object_r:ipsec_mgmt_exec_t
>
> /etc/selinux/refpolicy/contexts/files/file_contexts: line 214 has
> invalid context system_u:object_r:ipsec_exec_t
>
> /etc/selinux/refpolicy/contexts/files/file_contexts: line 245 has
> invalid context system_u:object_r:portage_exec_t
>
> Exiting after 10 errors.
>
> make: *** [relabel] Error 1

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
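The mismatch described in the reply above can be caught before relabeling. The following is an added example, not part of the original message or of refpolicy: it compares SELINUXTYPE from a config file with the policy store that a file_contexts path belongs to. The function names and the sample config (SELINUXTYPE=targeted) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): pre-relabel consistency check.
# Function names and the sample config below are constructed for illustration.

# Print SELINUXTYPE from a file in /etc/selinux/config format (last one wins).
configured_policy() {
    sed -n 's/^[[:space:]]*SELINUXTYPE[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" | tail -n 1
}

# Print the policy store a file_contexts path belongs to:
# /etc/selinux/<store>/contexts/files/file_contexts -> <store>
contexts_store() {
    case "$1" in
        */contexts/files/file_contexts)
            dir=${1%/contexts/files/file_contexts}
            printf '%s\n' "${dir##*/}" ;;
        *) return 1 ;;
    esac
}

# Read setfiles output on stdin; print each rejected type once.
invalid_types() {
    sed -n 's/.*invalid context [^:]*:[^:]*:\([A-Za-z0-9_]*\).*/\1/p' | sort -u
}

# Return 0 if the file_contexts path matches the configured policy, 1 if not,
# 2 if the path is not inside a policy store.
check_relabel() {
    want=$(configured_policy "$1")
    have=$(contexts_store "$2") || { echo "not a policy store path: $2"; return 2; }
    if [ -n "$want" ] && [ "$want" = "$have" ]; then
        echo "ok: file_contexts and loaded policy are both '$have'"
    else
        echo "mismatch: file_contexts is from '$have' but config selects '$want'"
        return 1
    fi
}

# Demo on a constructed config; on a real system pass /etc/selinux/config.
demo() {
    cfg=$(mktemp) || return 1
    printf '%s\n' '# SELINUXTYPE= type of policy in use.' \
        'SELINUX=permissive' 'SELINUXTYPE=targeted' > "$cfg"
    check_relabel "$cfg" /etc/selinux/refpolicy/contexts/files/file_contexts
    rc=$?
    rm -f "$cfg"
    return "$rc"
}
demo || true
```

Feeding setfiles error lines like those quoted above to invalid_types on stdin gives a de-duplicated list of the types the loaded policy does not define.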