Re: Strict policy on FC6 and F7

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi
So far it did not work. This is what I get:
[root@localhost hal]# make -f /usr/share/selinux/devel/Makefile local.pp
Compiling strict local module
/usr/bin/checkmodule:  loading policy configuration from tmp/local.tmp
local.te:9:ERROR 'syntax error' at token 'logging_send_audit_msg' on line
81076:
logging_send_audit_msg(local_login_t)
}
/usr/bin/checkmodule:  error(s) encountered while parsing configuration
make: *** [tmp/local.mod] Error 1


Hal

--- Louis Lam <lshoujun@xxxxxxxxx> wrote:

> Hi,
> 
> I'm trying to enable strict policy on fc7, need to do this too. But i got
> this error when I tried to compile the module
> 
> [root@localhost local_module_for_login]# make -f
> /usr/share/selinux/devel/Makefile local.pp
> Compiling targeted local module
> /usr/bin/checkmodule:  loading policy configuration from tmp/local.tmp
> local.te:10:ERROR 'unknown class capability used in rule' at token ';' on
> line 80642:
> #line 10
>         allow local_login_t self:capability audit_write;
> /usr/bin/checkmodule:  error(s) encountered while parsing configuration
> make: *** [tmp/local.mod] Error 1
> 
> Thanks & Rgds,
> Louis
> 
> ----- Original Message ----
> From: shintaro_fujiwara <shin216@xxxxxxxxxxxxxxxx>
> To: Hal <hal_bg@xxxxxxxxx>; fedora-selinux-list@xxxxxxxxxx
> Sent: Tuesday, August 7, 2007 5:27:16 PM
> Subject: Re: Strict policy on FC6 and F7
> 
> 2007-08-07 (²Ð) ¤Î 09:48 -0700 ¤Ë Hal ¤µ¤ó¤Ï½ñ¤­¤Þ¤·¤¿:
> > Hallo 
> > 
> > After a problem with the strict policy in FC6: firefox does not start under
> > strict policy. No messages at all. I decided to check if firefox under
> strict
> > policy on F7 works. 
> > I have installed F7 and enabled strict policy. But from now on I can no
> longer
> > login in enforcing is on . When I enter username and password and I get
> > permission denied even for root in GDM. In console I just get new
> "username"
> > prompt.
> > 
> > I do not understand why firefox does not start in fc6 and 
> > can not longin on F7 under strict policy?
> >  
> > What might be wrong? 
> > Because, now you're in enforcing mode,
> please disable SELinux and login.
> Install devel policy.
> 
> #yum install selinux-policy-devel
> 
> Please install this module.
> 
> #vim local.te
> 
> module local 1.0;
> 
> require {
>         type local_login_t;
>         class netlink_audit_socket { append bind connect shutdown ioctl
> getattr
> setattr shutdown getopt setopt write nlmsg_relay nlmsg_read create
> read };
> }
> 
> logging_send_audit_msg(local_login_t)
> logging_set_loginuid(local_login_t)
> 
> #make -f /usr/share/selinux/devel/Makefile local.pp
> #semodule -i local.pp
> #semodule -l|grep local
> 
> Set SELinux enforcing.
> 
> Did it work?
> 
> 
> > Hal
> > 
> > 
> > 
> > 
> > 
> >      
>
____________________________________________________________________________________
> > Luggage? GPS? Comic books? 
> > Check out fitting gifts for grads at Yahoo! Search
> > http://search.yahoo.com/search?fr=oni_on_mail&p=graduation+gifts&cs=bz
> > 
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@xxxxxxxxxx
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> 
> 
> 
> 
> 
> 
> Send instant messages to your online friends http://uk.messenger.yahoo.com 



       
____________________________________________________________________________________
Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online.
http://smallbusiness.yahoo.com/webhosting 

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux