On 06/30/2010 09:36 PM, Mr Dash Four wrote:
>
>> You would need to edit the source, and rebuild modified selinux-policy
>> packages. The port declaration is located in
>> policy/modules/kernel/corenetwork.te.in.
>>
>
> Building the RPMs went OK, though the image build failed miserably!
>
> I am getting the following errors when trying to install my
> (custom-built) selinux-policy and selinux-policy-targeted rpms:
>
> =============Errors when executing rpm -ivh selinux-policy*.rpm on the
> image======================
> libsemanage.semanage_install_active: setfiles returned error code 1.
> (Permission denied).
> libsemanage.semanage_install_active: Could not copy
> /etc/selinux/targeted/modules/active/policy.kern to
> /etc/selinux/targeted/policy/policy.24. (No such file or directory).
> semodule: Failed!
> libsemanage.semanage_read_policydb: Could not open kernel policy
> /etc/selinux/targeted/modules/active/policy.kern for reading. (No such
> file or directory).
> /usr/sbin/semanage: Could not test MLS enabled status
> ===============================================================================
>
>
> Looking at my syslog I am getting the following:
>
>
> ============syslog====================================
> Jun 30 20:06:36 xp1 kernel: type=1401 audit(1277924796.734:30578):
> security_compute_sid: invalid context
> unconfined_u:system_r:setfiles_mac_t:s0-s0:c0.c1023 for
> scontext=unconfined_u:system_r:livecd_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=process
> Jun 30 20:07:05 xp1 kernel: type=1401 audit(1277924825.706:30579):
> security_compute_sid: invalid context
> unconfined_u:system_r:setfiles_mac_t:s0-s0:c0.c1023 for
> scontext=unconfined_u:system_r:livecd_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=process
> Jun 30 20:07:05 xp1 kernel: type=1401 audit(1277924825.740:30580):
> security_compute_sid: invalid context
> unconfined_u:system_r:setfiles_mac_t:s0-s0:c0.c1023 for
> scontext=unconfined_u:system_r:livecd_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=process
> =====================================================
>
> I presume my currently running SELinux does not like something when I
> try to install SELinux on the image. I presume it is something to do
> with the fact that its own 'selinux-policy' somehow differs from the one
> I built from source.
>
> When I actually log on the image itself (with qemu) and try running
> "semanage port -l | grep ssh" I am getting this:
>
> ======================================
> libsemanage.semanage_read_policydb: Could not open kernel policy
> /etc/selinux/targeted/modules/active/policy.kern for reading. (No such
> file or directory).
> /usr/sbin/semanage: Could not test MLS enabled status
> ======================================
>
>
> The interesting thing is that my "semanage fcontext" command to change
> ipset SELinux attributes have been executed - these attributes are changed.

hmm... i am not sure about this but maybe:

role system_r types setfiles_mac_t;

helps here..

-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
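
Added example, not part of the original messages: a small Python parser for the `type=1401 ... security_compute_sid: invalid context` records quoted above, which groups them by transition and prints the role/type pairs to review. It assumes, as the reply only tentatively suggests, that the context is rejected because the role is not authorised for the type; the function names are hypothetical and the sample input is the thread's log lines rejoined onto single lines.

```python
import re
from collections import Counter

# Constructed sample: the three kernel records quoted in the thread, unwrapped.
_REC = ("Jun 30 20:0{m} xp1 kernel: type=1401 audit({ts}:{n}): "
        "security_compute_sid: invalid context "
        "unconfined_u:system_r:setfiles_mac_t:s0-s0:c0.c1023 for "
        "scontext=unconfined_u:system_r:livecd_t:s0-s0:c0.c1023 "
        "tcontext=system_u:object_r:setfiles_exec_t:s0 tclass=process\n")
SAMPLE_LOG = (_REC.format(m="6:36", ts="1277924796.734", n=30578)
              + _REC.format(m="7:05", ts="1277924825.706", n=30579)
              + _REC.format(m="7:05", ts="1277924825.740", n=30580))

PATTERN = re.compile(
    r"type=1401 audit\((?P<ts>[\d.]+):(?P<serial>\d+)\):\s+"
    r"security_compute_sid:\s+invalid context (?P<ctx>\S+) for "
    r"scontext=(?P<scontext>\S+) tcontext=(?P<tcontext>\S+) tclass=(?P<tclass>\S+)"
)

def split_context(ctx):
    """Split user:role:type[:range]; the MLS range itself contains colons."""
    user, role, type_, *mls = ctx.split(":")
    return {"user": user, "role": role, "type": type_, "range": ":".join(mls)}

def summarize(log_text):
    """Count records per (role, rejected type, source type, entrypoint type)."""
    counts = Counter()
    for m in PATTERN.finditer(log_text):
        bad = split_context(m["ctx"])
        src = split_context(m["scontext"])
        entry = split_context(m["tcontext"])
        counts[(bad["role"], bad["type"], src["type"], entry["type"])] += 1
    return counts

def candidate_rules(counts):
    """Statements to review, in the form proposed in the reply.
    Assumption: the context is invalid only because of a missing role/type pair."""
    return sorted({f"role {role} types {type_};" for role, type_, _, _ in counts})

if __name__ == "__main__":
    counts = summarize(SAMPLE_LOG)
    for (role, type_, src, entry), n in counts.items():
        print(f"{n}x {src} -> {type_} via {entry} (role {role})")
    print("\n".join(candidate_rules(counts)))
```

Each candidate statement should be checked against the rebuilt policy source before being added, since the records alone do not prove which part of the context was rejected.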