On Tue, Nov 10, 2009 at 02:51:49PM +0100, Dominick Grift wrote:
> On Mon, 2009-11-09 at 15:27 -0800, John Oliver wrote:
> > [root@mda-services4 ~]# grep nagios /var/log/audit/audit.log | audit2allow
> >
> >
> > #============= nagios_t ==============
> > allow nagios_t var_t:dir read;
> > [root@mda-services4 ~]# grep nagios /var/log/audit/audit.log | audit2allow -M nagios
> > ******************** IMPORTANT ***********************
> > To make this policy package active, execute:
> >
> > semodule -i nagios.pp
> >
> > [root@mda-services4 ~]# semodule -i nagios.pp
> > libsepol.print_missing_requirements: nagios's global requirements were not met: type/attribute nagios_t
> > libsemanage.semanage_link_sandbox: Link packages failed
> > semodule: Failed!
> >
> >
> >
> > What on Earth does that mean???
>
>
> It means you (probably) did something that is not so smart:
>
> My guess is that you have overwritten the distributed nagios module.

Ahh! Actually, the distributed module wasn't installed at all, as nagios was installed after the fact. So, I removed mine and added the distributed one, and nagios will start.

However, there's still at least one rule missing from the distributed module (and yes, I updated the selinux related RPMs):

type=AVC msg=audit(1257880340.235:135261): avc: denied { read write } for pid=15599 comm="ping" path="/var/nagios/spool/checkresults/checkemlez9" dev=dm-0 ino=196622 scontext=user_u:system_r:ping_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=file

[root@mda-services4 ~]# tail -50 /var/log/audit/audit.log | grep nagios | audit2allow

#============= ping_t ==============
allow ping_t var_t:file { read write };

libselinux-1.33.4-5.5.el5
libselinux-utils-1.33.4-5.5.el5
selinux-policy-2.4.6-255.el5_4.1
libselinux-python-1.33.4-5.5.el5
selinux-policy-targeted-2.4.6-255.el5_4.1

--
***********************************************************************
* John Oliver http://www.john-oliver.net/ *
* *
***********************************************************************
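
Added example, not part of the original thread and not audit2allow's own code: a small parser that turns AVC denials into the allow rules shown above and lists the types such a module would require, which is what the "global requirements were not met: type/attribute nagios_t" error is reporting. The second log line and the sets of defined types are constructed for illustration.

```python
import re
from collections import defaultdict

# First line: the denial quoted in the message. Second line: constructed
# (pid, name, ino invented) to match the earlier "nagios_t var_t:dir read" rule.
SAMPLE_LOG = """\
type=AVC msg=audit(1257880340.235:135261): avc: denied { read write } for pid=15599 comm="ping" path="/var/nagios/spool/checkresults/checkemlez9" dev=dm-0 ino=196622 scontext=user_u:system_r:ping_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=file
type=AVC msg=audit(1257880341.000:135262): avc: denied { read } for pid=15600 comm="nagios" name="spool" dev=dm-0 ino=196600 scontext=user_u:system_r:nagios_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=SYSCALL msg=audit(1257880341.000:135262): arch=40000003 syscall=5 success=no comm="nagios"
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def parse_denials(log_text):
    """Group denied permissions by (source type, target type, object class)."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:
            # A context is user:role:type[:level]; a rule uses only the type.
            src, tgt = (m[g].split(":")[2] for g in ("scon", "tcon"))
            grouped[(src, tgt, m["tclass"])].update(m["perms"].split())
    return grouped

def allow_rules(grouped):
    """Render one allow rule per (source, target, class) group."""
    rules = []
    for (src, tgt, tclass), perms in sorted(grouped.items()):
        p = sorted(perms)
        text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {text};")
    return rules

def unmet_types(grouped, defined_types):
    """Types the rules refer to that the loaded policy does not define."""
    needed = {t for src, tgt, _ in grouped for t in (src, tgt)}
    return sorted(needed - set(defined_types))

if __name__ == "__main__":
    denials = parse_denials(SAMPLE_LOG)
    print("\n".join(allow_rules(denials)))
    # Constructed type set: a policy with no module that defines nagios_t.
    print("unmet types:", unmet_types(denials, {"ping_t", "var_t"}))
```
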