I think F7 strict policy is broken.
Let's wait for a while until SELinux guys fix it.
I decided to play with FC6 this time.
2007-08-08 (水) の 14:43 -0700 に Hal さんは書きました:
> Authentication failed again:(
> but meanwhile I have checked firefox on strict policy on FC7 it does not work.
>
> --- shintaro_fujiwara <shin216@xxxxxxxxxxxxxxxx> wrote:
>
> > 2007-08-08 (æ°´) ã® 13:32 -0700 ã« Hal ã•ã‚“ã¯æ›¸ãã¾ã—ãŸ:
> > > Well
> > > I manged to compile the module, but
> > > it does not work for me.
> > > Compiled,loaded,set enforcing and: "authentication failed" again.
> > >
> > > I do not know if I am stupid, but I can not get a long with this Selinux...
> >
> > >
> > > Does this nodule work for you guys????
> > >
> > > hal
> > >
> > > --- "Christopher J. PeBenito" <cpebenito@xxxxxxxxxx> wrote:
> > >
> > > > On Wed, 2007-08-08 at 12:39 -0700, Hal wrote:
> > > > > I have tryed with
> > > > > logging_send_audit_msgs(local_login_t)
> > > > >
> > > > > But still:
> > > > > [root@localhost hal]# make -f /usr/share/selinux/devel/Makefile
> > local.pp
> > > > > Compiling strict local module
> > > > > /usr/bin/checkmodule: loading policy configuration from tmp/local.tmp
> > > > > local.te:9:ERROR 'unknown class capability used in rule' at token ';'
> > on
> > > > line
> > > > > 81105:
> > > > > #line 9
> > > > > allow local_login_t self:capability audit_write;
> > Because we did not write
> >
> > class capability { audit_write };
> >
> > in require brace.
> >
> > write it and try again.
> > Did you make it?
> >
> >
> > As a matter of fact, I have another problem on strict policy.
> > I ended up breaking F7 altogether eliminating libselinux with --nodeps.
> > Now I'm trying to upgrade FC6 to F7.
> > You can upgrade FC6 to F7, if you are tired of your process on F7.
> > Do not stop trying strict policy.Never surrender.
> > It's rewarding, and SELinux guys will guide you to the right place.
> >
> >
> > > > > /usr/bin/checkmodule: error(s) encountered while parsing configuration
> > > > > make: *** [tmp/local.mod] Error 1
> > > > >
> > > > > I really have no idea what all this means.
> > > > > there is nowhere "allow" in local.te. if it is in this macros at the
> > end...
> > > > > Do I need to install the policy source and edit it?
> > > >
> > > > It is in the interface. You need to change this:
> > > >
> > > > > > > module local 1.0;
> > > >
> > > > to this:
> > > >
> > > > policy_module(local,1.0)
> > > >
> > > > It will automatically require all of the kernel object classes.
> > > >
> > > > --
> > > > Chris PeBenito
> > > > Tresys Technology, LLC
> > > > (410) 290-1411 x150
> > > >
> > > >
> > >
> > >
> > >
> > >
> >
> ____________________________________________________________________________________
> > > Luggage? GPS? Comic books?
> > > Check out fitting gifts for grads at Yahoo! Search
> > > http://search.yahoo.com/search?fr=oni_on_mail&p=graduation+gifts&cs=bz
> > >
> > > --
> > > fedora-selinux-list mailing list
> > > fedora-selinux-list@xxxxxxxxxx
> > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> >
> >
>
>
>
>
> ____________________________________________________________________________________
> Sick sense of humor? Visit Yahoo! TV's
> Comedy with an Edge to see what's on, when.
> http://tv.yahoo.com/collections/222
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
