On Mon, 2009-11-09 at 15:27 -0800, John Oliver wrote: > [root@mda-services4 ~]# grep nagios /var/log/audit/audit.log | > audit2allow > > > #============= nagios_t ============== > allow nagios_t var_t:dir read; > [root@mda-services4 ~]# grep nagios /var/log/audit/audit.log | > audit2allow -M nagios > ******************** IMPORTANT *********************** > To make this policy package active, execute: > > semodule -i nagios.pp > > [root@mda-services4 ~]# semodule -i nagios.pp > libsepol.print_missing_requirements: nagios's global requirements were > not met: type/attribute nagios_t > libsemanage.semanage_link_sandbox: Link packages failed > semodule: Failed! > > > > What on Earth does that mean??? > It means you (probably) did something that is not so smart: My guess is that you have overwritten the distributed nagios module. I think that, because you show me this: semodule -i nagios.pp And i assume you have probably did that before. The problem is that you are trying to install (and have been installing) a custom module with the same name of a distributed module: [root@notebook3 admin]# semodule -l | grep nagios nagios 1.8.0 In simple human language: You have overwritten the nagios module that came with you distribution with a custom nagios module. To undo this, either for a update of selinux-policy and selinux-policy (this should overwrite you custom nagios module with the one that comes with your distribution) or you can just install the distribution nagios modules from: [root@notebook3 admin]# ls /usr/share/selinux/targeted | grep nagios nagios.pp.bz2 The lesson to be learned from this experience is: If you decide to install a custom module; then make sure that you give it a unigue name (for example: grep nagios /var/log/audit/audit.log | audit2allow -M mynagios; semodule -i mynagios.pp) Because if there is already a module installed by that name you will overwrite it. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
