2007-08-08 (水) の 02:57 -0700 に Hal さんは書きました: > Hi > So far it did not work. This is what I get: > [root@localhost hal]# make -f /usr/share/selinux/devel/Makefile local.ppfe > Compiling strict local module > /usr/bin/checkmodule: loading policy configuration from tmp/local.tmp > local.te:9:ERROR 'syntax error' at token 'logging_send_audit_msg' on line > 81076: > logging_send_audit_msg(local_login_t) > } > /usr/bin/checkmodule: error(s) encountered while parsing configuration > make: *** [tmp/local.mod] Error 1 > All right. I've checked Tresys page and foud interface name is... http://oss.tresys.com/docs/refpolicy/api/interfaces.html logging_send_audit_msgs Try this. Solved? I have an another problem on strict policy, so keep in touch. Cheers! > > Hal > > --- Louis Lam <lshoujun@xxxxxxxxx> wrote: > > > Hi, > > > > I'm trying to enable strict policy on fc7, need to do this too. But i got > > this error when I tried to compile the module > > > > [root@localhost local_module_for_login]# make -f > > /usr/share/selinux/devel/Makefile local.pp > > Compiling targeted local module > > /usr/bin/checkmodule: loading policy configuration from tmp/local.tmp > > local.te:10:ERROR 'unknown class capability used in rule' at token ';' on > > line 80642: > > #line 10 > > allow local_login_t self:capability audit_write; > > /usr/bin/checkmodule: error(s) encountered while parsing configuration > > make: *** [tmp/local.mod] Error 1 > > > > Thanks & Rgds, > > Louis > > > > ----- Original Message ---- > > From: shintaro_fujiwara <shin216@xxxxxxxxxxxxxxxx> > > To: Hal <hal_bg@xxxxxxxxx>; fedora-selinux-list@xxxxxxxxxx > > Sent: Tuesday, August 7, 2007 5:27:16 PM > > Subject: Re: Strict policy on FC6 and F7 > > > > 2007-08-07 (²Ð) ¤Î 09:48 -0700 ¤Ë Hal ¤µ¤ó¤Ï½ñ¤¤Þ¤·¤¿: > > > Hallo > > > > > > After a problem with the strict policy in FC6: firefox does not start under > > > strict policy. No messages at all. I decided to check if firefox under > > strict > > > policy on F7 works. > > > I have installed F7 and enabled strict policy. But from now on I can no > > longer > > > login in enforcing is on . When I enter username and password and I get > > > permission denied even for root in GDM. In console I just get new > > "username" > > > prompt. > > > > > > I do not understand why firefox does not start in fc6 and > > > can not longin on F7 under strict policy? > > > > > > What might be wrong? > > > Because, now you're in enforcing mode, > > please disable SELinux and login. > > Install devel policy. > > > > #yum install selinux-policy-devel > > > > Please install this module. > > > > #vim local.te > > > > module local 1.0; > > > > require { > > type local_login_t; > > class netlink_audit_socket { append bind connect shutdown ioctl > > getattr > > setattr shutdown getopt setopt write nlmsg_relay nlmsg_read create > > read }; > > } > > > > logging_send_audit_msg(local_login_t) > > logging_set_loginuid(local_login_t) > > > > #make -f /usr/share/selinux/devel/Makefile local.pp > > #semodule -i local.pp > > #semodule -l|grep local > > > > Set SELinux enforcing. > > > > Did it work? > > > > > > > Hal > > > > > > > > > > > > > > > > > > > > > ____________________________________________________________________________________ > > > Luggage? GPS? Comic books? > > > Check out fitting gifts for grads at Yahoo! Search > > > http://search.yahoo.com/search?fr=oni_on_mail&p=graduation+gifts&cs=bz > > > > > > -- > > > fedora-selinux-list mailing list > > > fedora-selinux-list@xxxxxxxxxx > > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list > > > > -- > > fedora-selinux-list mailing list > > fedora-selinux-list@xxxxxxxxxx > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list > > > > > > > > > > > > > > Send instant messages to your online friends http://uk.messenger.yahoo.com > > > > > ____________________________________________________________________________________ > Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online. > http://smallbusiness.yahoo.com/webhosting -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
