> You would need to edit the source, and rebuild modified selinux-policy > packages. The port declaration is located in > policy/modules/kernel/corenetwork.te.in. > Building the RPMs went OK, though the image build failed miserably! I am getting the following errors when trying to install my (custom-built) selinux-policy and selinux-policy-targeted rpms: =============Errors when executing rpm -ivh selinux-policy*.rpm on the image====================== libsemanage.semanage_install_active: setfiles returned error code 1. (Permission denied). libsemanage.semanage_install_active: Could not copy /etc/selinux/targeted/modules/active/policy.kern to /etc/selinux/targeted/policy/policy.24. (No such file or directory). semodule: Failed! libsemanage.semanage_read_policydb: Could not open kernel policy /etc/selinux/targeted/modules/active/policy.kern for reading. (No such file or directory). /usr/sbin/semanage: Could not test MLS enabled status =============================================================================== Looking at my syslog I am getting the following: ============syslog==================================== Jun 30 20:06:36 xp1 kernel: type=1401 audit(1277924796.734:30578): security_compute_sid: invalid context unconfined_u:system_r:setfiles_mac_t:s0-s0:c0.c1023 for scontext=unconfined_u:system_r:livecd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=process Jun 30 20:07:05 xp1 kernel: type=1401 audit(1277924825.706:30579): security_compute_sid: invalid context unconfined_u:system_r:setfiles_mac_t:s0-s0:c0.c1023 for scontext=unconfined_u:system_r:livecd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=process Jun 30 20:07:05 xp1 kernel: type=1401 audit(1277924825.740:30580): security_compute_sid: invalid context unconfined_u:system_r:setfiles_mac_t:s0-s0:c0.c1023 for scontext=unconfined_u:system_r:livecd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=process ===================================================== I presume my currently running SELinux does not like something when I try to install SELinux on the image. I presume it is something to do with the fact that its own 'selinux-policy' somehow differs from the one I built from source. When I actually log on the image itself (with qemu) and try running "semanage port -l | grep ssh" I am getting this: ====================================== libsemanage.semanage_read_policydb: Could not open kernel policy /etc/selinux/targeted/modules/active/policy.kern for reading. (No such file or directory). /usr/sbin/semanage: Could not test MLS enabled status ====================================== The interesting thing is that my "semanage fcontext" command to change ipset SELinux attributes have been executed - these attributes are changed. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
