Hi,
I'm trying to enable strict policy on fc7, need to do this too. But I got this error when I tried to compile the module:
[root@localhost local_module_for_login]# make -f /usr/share/selinux/devel/Makefile local.pp
Compiling targeted local module
/usr/bin/checkmodule: loading policy configuration from tmp/local.tmp
local.te:10:ERROR 'unknown class capability used in rule' at token ';' on line 80642:
#line 10
allow local_login_t self:capability audit_write;
/usr/bin/checkmodule: error(s) encountered while parsing configuration
make: *** [tmp/local.mod] Error 1
Thanks & Rgds,
Louis
----- Original Message ----
From: shintaro_fujiwara <shin216@xxxxxxxxxxxxxxxx>
To: Hal <hal_bg@xxxxxxxxx>; fedora-selinux-list@xxxxxxxxxx
Sent: Tuesday, August 7, 2007 5:27:16 PM
Subject: Re: Strict policy on FC6 and F7
On Tue, 2007-08-07 at 09:48 -0700, Hal wrote:
> Hallo
>
> After a problem with the strict policy in FC6: firefox does not start under
> strict policy. No messages at all. I decided to check if firefox under strict
> policy on F7 works.
> I have installed F7 and enabled strict policy. But from now on I can no longer
> log in if enforcing is on. When I enter username and password I get
> permission denied even for root in GDM. In console I just get new "username"
> prompt.
>
> I do not understand why firefox does not start in fc6 and
> cannot log in on F7 under strict policy?
>
> What might be wrong?
>
Because now you're in enforcing mode,
please disable SELinux and log in.
Install devel policy.
# yum install selinux-policy-devel
Please install this module.
# vim local.te
module local 1.0;

require {
        type local_login_t;
        class netlink_audit_socket { append bind connect shutdown ioctl getattr setattr shutdown getopt setopt write nlmsg_relay nlmsg_read create read };
}

logging_send_audit_msg(local_login_t)
logging_set_loginuid(local_login_t)

# make -f /usr/share/selinux/devel/Makefile local.pp
# semodule -i local.pp
# semodule -l | grep local
Set SELinux enforcing.
Did it work?
> Hal
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
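
Added note, not part of the original thread: the checkmodule output above shows the failing rule "allow local_login_t self:capability audit_write;", which comes from expanding an interface call, while the module's require block declares only the netlink_audit_socket class, so the capability class is unknown to the compiler. One way to avoid this, assuming the reference-policy macros installed by selinux-policy-devel, is to open the module with policy_module() instead of a bare "module" statement:

```selinux
# local.te -- added example, not code from the thread.
# Assumption: built with /usr/share/selinux/devel/Makefile, so the
# reference-policy m4 macros policy_module and gen_require are available.

# policy_module emits "module local 1.0;" together with a require block
# covering every kernel object class and permission. Rules produced by the
# interface calls below, such as "self:capability audit_write", then
# resolve at compile time without listing each class by hand.
policy_module(local, 1.0)

# Only the type still has to be required explicitly.
gen_require(`
	type local_login_t;
')

logging_send_audit_msg(local_login_t)
logging_set_loginuid(local_login_t)
```

The build and install commands stay the same as in the message above (make with the devel Makefile, then semodule -i local.pp).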