Nevermind. This turned out to be a copy and paste error. I had the wrong module name at the top of my helloworldfile.te file, causing the weird behavior listed below. Sorry for the spam. > -----Original Message----- > From: fedora-selinux-list-bounces@xxxxxxxxxx [mailto:fedora-selinux-list- > bounces@xxxxxxxxxx] On Behalf Of Clarkson, Mike R (US SSA) > Sent: Monday, January 28, 2008 9:18 AM > To: fedora-selinux-list@xxxxxxxxxx > Subject: module install during make not working correctly > > > I have a simple helloworld example and policy module with the following > line in the helloworldfile.fc file: > > /usr/local/test/HelloWorldFile -- > gen_context(root:object_r:helloworld_exec_t,__SYSTEMLOW__) > > When I make the policy using "make load", it appears to install the > helloworldfile.pp in /usr/share/selinux/mls and then install it using > semodule. After doing this if I use restorecon to set the file context > of /usr/local/test/HelloWorldFile, the context is incorrect. It has the > type usr_t, which is the type for the /usr/local/test directory. If I > then manually install the module using "/usr/sbin/semodule -i > /usr/share/selinux/mls/helloworldfile.pp", and again use restorecon to > reset the file context, it has the correct context. I have no idea why > the module install during the "make" process is not working correctly. > I'd appreciate any help in figuring out what is going on. > > I'm using RHEL5.1 with the mls policy. Below I have captured the > sequence of commands described above, along with the output. > > Thanks > > > [clarkson@m2ut5 test]# make load > Compliling mls helloworldfile.mod module > echo "ifdef(\`""helloworldfile""_per_role_template',\`" > > tmp/helloworldfile.mod.role > m4 -D strict_policy -D enable_mls -D mls_num_sens=5 -D mls_num_cats=256 > -D mcs_num_cats=256 -D hide_broken_symptoms policy/rolemap | gawk > '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $3 "; role " $1 > ";)\nhelloworldfile_per_role_template(" $2 "," $3 "," $1 ")" }' >> > tmp/helloworldfile.mod.role > echo "')" >> tmp/helloworldfile.mod.role > echo "ifdef(\`""helloworldfile""_per_userdomain_template',\`" >> > tmp/helloworldfile.mod.role > echo "errprint(\`Warning: per_userdomain_templates have been renamed to > per_role_templates > (""helloworldfile""_per_userdomain_template)'__endline__)" >> > tmp/helloworldfile.mod.role > m4 -D strict_policy -D enable_mls -D mls_num_sens=5 -D mls_num_cats=256 > -D mcs_num_cats=256 -D hide_broken_symptoms policy/rolemap | gawk > '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $3 "; role " $1 > ";)\nhelloworldfile_per_userdomain_template(" $2 "," $3 "," $1 ")" }' >> > tmp/helloworldfile.mod.role > echo "')" >> tmp/helloworldfile.mod.role > m4 -D strict_policy -D enable_mls -D mls_num_sens=5 -D mls_num_cats=256 > -D mcs_num_cats=256 -D hide_broken_symptoms -s > policy/support/fc_dir_variables.spt policy/support/file_patterns.spt > policy/support/loadable_module.spt policy/support/misc_macros.spt > policy/support/mls_mcs_macros.spt policy/support/obj_perm_sets.spt > tmp/generated_definitions.conf tmp/all_interfaces.conf > policy/modules/apps/helloworldfile.te tmp/helloworldfile.mod.role > > tmp/helloworldfile.tmp > /usr/bin/checkmodule -M -m tmp/helloworldfile.tmp -o > tmp/helloworldfile.mod > /usr/bin/checkmodule: loading policy configuration from > tmp/helloworldfile.tmp > /usr/bin/checkmodule: policy configuration loaded > /usr/bin/checkmodule: writing binary representation (version 6) to > tmp/helloworldfile.mod > m4 -D strict_policy -D enable_mls -D mls_num_sens=5 -D mls_num_cats=256 > -D mcs_num_cats=256 -D hide_broken_symptoms > policy/support/fc_dir_variables.spt policy/support/file_patterns.spt > policy/support/loadable_module.spt policy/support/misc_macros.spt > policy/support/mls_mcs_macros.spt policy/support/obj_perm_sets.spt > policy/support/fc_dir_variables.spt policy/support/file_patterns.spt > policy/support/loadable_module.spt policy/support/misc_macros.spt > policy/support/mls_mcs_macros.spt policy/support/obj_perm_sets.spt > policy/modules/apps/helloworldfile.fc > tmp/helloworldfile.mod.fc > Creating mls helloworldfile.pp policy package > /usr/bin/semodule_package -o helloworldfile.pp -m tmp/helloworldfile.mod > -f tmp/helloworldfile.mod.fc > Installing mls helloworldfile.pp policy package. > install -m 0644 helloworldfile.pp /usr/share/selinux/mls > Loading configured modules. > /usr/sbin/semodule -s mls -b /usr/share/selinux/mls/base.pp -i > /usr/share/selinux/mls/acct.pp -i /usr/share/selinux/mls/ada.pp -i > /usr/share/selinux/mls/afs.pp -i /usr/share/selinux/mls/aide.pp -i > /usr/share/selinux/mls/alsa.pp -i /usr/share/selinux/mls/amanda.pp -i > /usr/share/selinux/mls/amavis.pp -i /usr/share/selinux/mls/amtu.pp -i > /usr/share/selinux/mls/anaconda.pp -i /usr/share/selinux/mls/apache.pp > -i /usr/share/selinux/mls/apm.pp -i /usr/share/selinux/mls/apt.pp -i > /usr/share/selinux/mls/arpwatch.pp -i /usr/share/selinux/mls/asterisk.pp > -i /usr/share/selinux/mls/audioentropy.pp -i > /usr/share/selinux/mls/audit.pp -i /usr/share/selinux/mls/authbind.pp -i > /usr/share/selinux/mls/authlogin.pp -i > /usr/share/selinux/mls/automount.pp -i /usr/share/selinux/mls/avahi.pp > -i /usr/share/selinux/mls/backup.pp -i /usr/share/selinux/mls/bind.pp -i > /usr/share/selinux/mls/bluetooth.pp -i > /usr/share/selinux/mls/bootloader.pp -i > /usr/share/selinux/mls/calamaris.pp -i /usr/share/selinux/mls/canna.pp > -i /usr/share/selinux/mls/ccs.pp -i /usr/share/selinux/mls/cdrecord.pp > -i /usr/share/selinux/mls/certwatch.pp -i /usr/share/selinux/mls/cipe.pp > -i /usr/share/selinux/mls/clamav.pp -i /usr/share/selinux/mls/clock.pp > -i /usr/share/selinux/mls/clockspeed.pp -i > /usr/share/selinux/mls/comsat.pp -i > /usr/share/selinux/mls/consoletype.pp -i > /usr/share/selinux/mls/courier.pp -i > /usr/share/selinux/mls/cpucontrol.pp -i /usr/share/selinux/mls/cron.pp > -i /usr/share/selinux/mls/cups.pp -i /usr/share/selinux/mls/cvs.pp -i > /usr/share/selinux/mls/cyrus.pp -i /usr/share/selinux/mls/daemontools.pp > -i /usr/share/selinux/mls/dante.pp -i /usr/share/selinux/mls/dbskk.pp -i > /usr/share/selinux/mls/dbus.pp -i /usr/share/selinux/mls/dcc.pp -i > /usr/share/selinux/mls/ddclient.pp -i /usr/share/selinux/mls/ddcprobe.pp > -i /usr/share/selinux/mls/dhcp.pp -i /usr/share/selinux/mls/dictd.pp -i > /usr/share/selinux/mls/distcc.pp -i /usr/share/selinux/mls/djbdns.pp -i > /usr/share/selinux/mls/dmesg.pp -i /usr/share/selinux/mls/dmidecode.pp > -i /usr/share/selinux/mls/dnsmasq.pp -i > /usr/share/selinux/mls/dovecot.pp -i /usr/share/selinux/mls/dpkg.pp -i > /usr/share/selinux/mls/ethereal.pp -i > /usr/share/selinux/mls/evolution.pp -i /usr/share/selinux/mls/export.pp > -i /usr/share/selinux/mls/fail2ban.pp -i > /usr/share/selinux/mls/fetchmail.pp -i /usr/share/selinux/mls/finger.pp > -i /usr/share/selinux/mls/firstboot.pp -i > /usr/share/selinux/mls/frontgate.pp -i /usr/share/selinux/mls/fstools.pp > -i /usr/share/selinux/mls/ftp.pp -i /usr/share/selinux/mls/ftp_trans.pp > -i /usr/share/selinux/mls/games.pp -i > /usr/share/selinux/mls/gatekeeper.pp -i /usr/share/selinux/mls/getty.pp > -i /usr/share/selinux/mls/gift.pp -i /usr/share/selinux/mls/gnome.pp -i > /usr/share/selinux/mls/gpg.pp -i /usr/share/selinux/mls/gpm.pp -i > /usr/share/selinux/mls/hal.pp -i > /usr/share/selinux/mls/helloworldfile.pp -i > /usr/share/selinux/mls/hostname.pp -i /usr/share/selinux/mls/hotplug.pp > -i /usr/share/selinux/mls/howl.pp -i > /usr/share/selinux/mls/i18n_input.pp -i /usr/share/selinux/mls/imaze.pp > -i /usr/share/selinux/mls/import.pp -i /usr/share/selinux/mls/inetd.pp > -i /usr/share/selinux/mls/init.pp -i /usr/share/selinux/mls/inn.pp -i > /usr/share/selinux/mls/ipsec.pp -i /usr/share/selinux/mls/iptables.pp -i > /usr/share/selinux/mls/irc.pp -i /usr/share/selinux/mls/ircd.pp -i > /usr/share/selinux/mls/irqbalance.pp -i /usr/share/selinux/mls/iscsi.pp > -i /usr/share/selinux/mls/jabber.pp -i /usr/share/selinux/mls/java.pp -i > /usr/share/selinux/mls/kerberos.pp -i /usr/share/selinux/mls/ktalk.pp -i > /usr/share/selinux/mls/kudzu.pp -i /usr/share/selinux/mls/ldap.pp -i > /usr/share/selinux/mls/libraries.pp -i > /usr/share/selinux/mls/loadkeys.pp -i > /usr/share/selinux/mls/locallogin.pp -i > /usr/share/selinux/mls/lockdev.pp -i /usr/share/selinux/mls/logging.pp > -i /usr/share/selinux/mls/logrotate.pp -i > /usr/share/selinux/mls/logwatch.pp -i /usr/share/selinux/mls/lpd.pp -i > /usr/share/selinux/mls/lvm.pp -i /usr/share/selinux/mls/mailman.pp -i > /usr/share/selinux/mls/miscfiles.pp -i > /usr/share/selinux/mls/modutils.pp -i /usr/share/selinux/mls/mono.pp -i > /usr/share/selinux/mls/monop.pp -i /usr/share/selinux/mls/mount.pp -i > /usr/share/selinux/mls/mozilla.pp -i /usr/share/selinux/mls/mplayer.pp > -i /usr/share/selinux/mls/mrtg.pp -i /usr/share/selinux/mls/mta.pp -i > /usr/share/selinux/mls/munin.pp -i /usr/share/selinux/mls/mysql.pp -i > /usr/share/selinux/mls/nagios.pp -i /usr/share/selinux/mls/nessus.pp -i > /usr/share/selinux/mls/netlabel.pp -i /usr/share/selinux/mls/netutils.pp > -i /usr/share/selinux/mls/networkmanager.pp -i > /usr/share/selinux/mls/nis.pp -i /usr/share/selinux/mls/nscd.pp -i > /usr/share/selinux/mls/nsd.pp -i /usr/share/selinux/mls/ntop.pp -i > /usr/share/selinux/mls/ntp.pp -i /usr/share/selinux/mls/nx.pp -i > /usr/share/selinux/mls/oav.pp -i /usr/share/selinux/mls/oddjob.pp -i > /usr/share/selinux/mls/openca.pp -i /usr/share/selinux/mls/openct.pp -i > /usr/share/selinux/mls/openvpn.pp -i /usr/share/selinux/mls/oracle_db.pp > -i /usr/share/selinux/mls/oracle_sp.pp -i > /usr/share/selinux/mls/pcmcia.pp -i /usr/share/selinux/mls/pcs.pp -i > /usr/share/selinux/mls/pcscd.pp -i /usr/share/selinux/mls/pegasus.pp -i > /usr/share/selinux/mls/perdition.pp -i /usr/share/selinux/mls/portage.pp > -i /usr/share/selinux/mls/portmap.pp -i > /usr/share/selinux/mls/portslave.pp -i /usr/share/selinux/mls/postfix.pp > -i /usr/share/selinux/mls/postgresql.pp -i > /usr/share/selinux/mls/postgrey.pp -i /usr/share/selinux/mls/ppp.pp -i > /usr/share/selinux/mls/prelink.pp -i /usr/share/selinux/mls/privoxy.pp > -i /usr/share/selinux/mls/procmail.pp -i > /usr/share/selinux/mls/publicfile.pp -i /usr/share/selinux/mls/pxe.pp -i > /usr/share/selinux/mls/pyzor.pp -i /usr/share/selinux/mls/qmail.pp -i > /usr/share/selinux/mls/query.pp -i /usr/share/selinux/mls/quota.pp -i > /usr/share/selinux/mls/radius.pp -i /usr/share/selinux/mls/radvd.pp -i > /usr/share/selinux/mls/raid.pp -i /usr/share/selinux/mls/razor.pp -i > /usr/share/selinux/mls/rdisc.pp -i /usr/share/selinux/mls/readahead.pp > -i /usr/share/selinux/mls/remotelogin.pp -i > /usr/share/selinux/mls/resmgr.pp -i /usr/share/selinux/mls/rhgb.pp -i > /usr/share/selinux/mls/ricci.pp -i /usr/share/selinux/mls/rlogin.pp -i > /usr/share/selinux/mls/roundup.pp -i /usr/share/selinux/mls/rpc.pp -i > /usr/share/selinux/mls/rpm.pp -i /usr/share/selinux/mls/rshd.pp -i > /usr/share/selinux/mls/rssh.pp -i /usr/share/selinux/mls/rsync.pp -i > /usr/share/selinux/mls/samba.pp -i /usr/share/selinux/mls/sasl.pp -i > /usr/share/selinux/mls/screen.pp -i > /usr/share/selinux/mls/selinuxutil.pp -i > /usr/share/selinux/mls/sendmail.pp -i > /usr/share/selinux/mls/setcontest.pp -i > /usr/share/selinux/mls/setrans.pp -i > /usr/share/selinux/mls/setroubleshoot.pp -i > /usr/share/selinux/mls/slocate.pp -i /usr/share/selinux/mls/slrnpull.pp > -i /usr/share/selinux/mls/smartmon.pp -i /usr/share/selinux/mls/snmp.pp > -i /usr/share/selinux/mls/snort.pp -i > /usr/share/selinux/mls/soundserver.pp -i > /usr/share/selinux/mls/spamassassin.pp -i > /usr/share/selinux/mls/speedtouch.pp -i /usr/share/selinux/mls/squid.pp > -i /usr/share/selinux/mls/ssh.pp -i /usr/share/selinux/mls/storage.pp -i > /usr/share/selinux/mls/stunnel.pp -i /usr/share/selinux/mls/su.pp -i > /usr/share/selinux/mls/sudo.pp -i /usr/share/selinux/mls/sxid.pp -i > /usr/share/selinux/mls/sysnetwork.pp -i > /usr/share/selinux/mls/sysstat.pp -i /usr/share/selinux/mls/tcpd.pp -i > /usr/share/selinux/mls/telnet.pp -i /usr/share/selinux/mls/tftp.pp -i > /usr/share/selinux/mls/thunderbird.pp -i > /usr/share/selinux/mls/timidity.pp -i > /usr/share/selinux/mls/tmpreaper.pp -i /usr/share/selinux/mls/tor.pp -i > /usr/share/selinux/mls/transproxy.pp -i > /usr/share/selinux/mls/tripwire.pp -i /usr/share/selinux/mls/tvtime.pp > -i /usr/share/selinux/mls/tzdata.pp -i > /usr/share/selinux/mls/ucspitcp.pp -i /usr/share/selinux/mls/udev.pp -i > /usr/share/selinux/mls/uml.pp -i /usr/share/selinux/mls/unconfined.pp -i > /usr/share/selinux/mls/updfstab.pp -i /usr/share/selinux/mls/uptime.pp > -i /usr/share/selinux/mls/usbmodules.pp -i > /usr/share/selinux/mls/userdomain.pp -i > /usr/share/selinux/mls/userhelper.pp -i > /usr/share/selinux/mls/usermanage.pp -i > /usr/share/selinux/mls/usernetctl.pp -i /usr/share/selinux/mls/uucp.pp > -i /usr/share/selinux/mls/uwimap.pp -i /usr/share/selinux/mls/vbetool.pp > -i /usr/share/selinux/mls/vmware.pp -i /usr/share/selinux/mls/vpn.pp -i > /usr/share/selinux/mls/watchdog.pp -i > /usr/share/selinux/mls/webalizer.pp -i > /usr/share/selinux/mls/weblogic.pp -i /usr/share/selinux/mls/wine.pp -i > /usr/share/selinux/mls/xen.pp -i /usr/share/selinux/mls/xfs.pp -i > /usr/share/selinux/mls/xprint.pp -i /usr/share/selinux/mls/xserver.pp -i > /usr/share/selinux/mls/yam.pp -i /usr/share/selinux/mls/zebra.pp > rm tmp/helloworldfile.mod.fc tmp/helloworldfile.mod > [clarkson@m2ut5 policy]# cd /usr/local/test > [clarkson@m2ut5 test]# /sbin/restorecon HelloWorldFile > [clarkson@m2ut5 test]# ls -Z HelloWorldFile > -rwxr-xr-x clarkson m2 system_u:object_r:usr_t:SystemLow HelloWorldFile > [clarkson@m2ut5 test]# /usr/sbin/semodule -i > /usr/share/selinux/mls/helloworldfile.pp > [clarkson@m2ut5 test]# /sbin/restorecon HelloWorldFile > [clarkson@m2ut5 test]# ls -Z HelloWorldFile > -rwxr-xr-x clarkson m2 root:object_r:helloworld_exec_t:SystemLow > HelloWorldFile > > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
