On Sat, 2006-10-21 at 18:02 +0900, Yuichi Nakamura wrote: > I am editing policy source for Fedora Core 5 to study refpolicy. > > I did yum update today, and found semodule -b does not work. > Last week, it was working.. > Version for related command is below. > selinux-policy-2.3.7-2.fc5 > checkpolicy-1.30.3-1.fc5 > libsepol-1.12.28-1.fc5 > > > How to reproduce problem is following: > > 1) I obtained selinux-policy-2.3.7-2.fc5.src.rpm from fedora mirror site. > 2) installed src.rpm > 3) Edit following 2 lines in selinux-policy.spec > %define BUILD_STRICT 0 > %define BUILD_MLS 0 > 4) rpmbuild -bi selinux-policy.spec > 5) cd BUILD/serefpolicy-2.3.7/ > 6) Edit build.conf, like below. > TYPE=targeted-mcs > NAME=targeted > DISTRO=redhat > DIRECT_INITRC=y > MONOLITHIC=n > 7) make install-src > 8) cd /etc/selinux/targeted/src/policy > 9) make load, but fails. > > Loading configured modules. > /usr/sbin/semodule -s targeted -b /usr/share/selinux/targeted/base.pp -i /usr/share/selinux/targeted/amavis.pp -i /usr/share/selinux/targeted/clamav.pp -i /usr/share/selinux/targeted/dcc.pp -i /usr/share/selinux/targeted/pyzor.pp -i /usr/share/selinux/targeted/razor.pp > libsepol.mls_read_range_helper: truncated range > libsepol.sepol_module_package_read: invalid module in module package (at section 0) > libsemanage.semanage_load_module: Error while reading from module file /etc/selinux/targeted/modules/tmp/base.pp. > /usr/sbin/semodule: Failed! > > Why does it fail? It shouldn't fail, but try updating to checkpolicy 1.32 and rebuilding that policy (you have a newer libsepol with an older checkpolicy, which should work, but seems to have run into a bug). By the way, you don't have to edit the spec file - you can just --define "BUILD_STRICT 0" --define "BUILD_MLS 0" on the rpmbuild command line. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
