>> When I actually log on the image itself (with qemu) and try running
>> "semanage port -l | grep ssh" I am getting this:
>>
>> ======================================
>> libsemanage.semanage_read_policydb: Could not open kernel policy
>> /etc/selinux/targeted/modules/active/policy.kern for reading. (No such
>> file or directory).
>> /usr/sbin/semanage: Could not test MLS enabled status
>> ======================================
>>
>
> I have seen and heard about this a couple of times before but I was
> never able to produce this myself.
>
> I have no clue about that missing file or directory message
> (/etc/selinux/targeted/modules/active/policy.kern)
>

I will have a wild stab at it...

This might be able to reproduce the error... If you have the time you can build a small test image using the livecd tools. You need to have the livecd-tools packages installed though. You also need qemu as well.

Create and save this test kickstart file:

===========test-sel.ks========================
auth --useshadow --passalgo=md5
bootloader --location=mbr --timeout=5
firewall --disabled
install
logging --level=info
part / --size 1024 --fstype=ext3
repo --cost=1 --name=fedora --mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=fedora-13&arch=$basearch
repo --cost=2 --name=updates --mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f13&arch=$basearch
#repo --cost=3 --name=livna --baseurl=http://rpm.livna.org/repo/13/$basearch/
repo --cost=4 --name=rpmfusion-free --mirrorlist=http://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-13&arch=$basearch
repo --cost=5 --name=rpmfusion-free-updates --mirrorlist=http://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-updates-released-13&arch=$basearch
repo --cost=6 --name=rpmfusion-nonfree --mirrorlist=http://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-13&arch=$basearch
repo --cost=7 --name=rpmfusion-nonfree-updates --mirrorlist=http://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-updates-released-13&arch=$basearch
# login: root; pwd: root_test
rootpw --plaintext root_test
selinux --enforcing
skipx
text

%packages --nobase --excludedocs
#vital tools
kernel
bash
#selinux-policy
#selinux-policy-targeted
policycoreutils
libsemanage
checkpolicy
policycoreutils-python
#essential tools
rsyslog
vim-minimal

%post --nochroot
# selinux-policy-*.rpm = custom-built policies (must exist!)
rpm -ivh --root $INSTALL_ROOT ~/selinux-policy-*.rpm
%end

%post
/sbin/restorecon -rip /
%end
==========================================

Then, make sure you have the (customised) selinux-policy files and from the command line execute the following:

    livecd-creator -c test-sel.ks -f test-image

It will download the necessary packages and build the image (test-image.iso). Check for the above errors when it comes to install the selinux-policy files (I am assuming that on the machine you are building the image your SELinux is in enforced mode and using the targeted policy). Also check your syslog.

When the image is built, you can log in to the new system with qemu:

    qemu -m 512 test-image.iso

Log in as root with password "root_test" as specified in the above kickstart file. Once there, try to execute semanage and see what happens...

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
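
Added example, not part of the original message: a shell check for whether an image's root filesystem contains the policy files the quoted libsemanage error refers to, usable inside the booted image or against a mounted image root. The function name check_policy_store is hypothetical; the policy.kern path is taken from the error above, while reading SELINUXTYPE from /etc/selinux/config and looking for policy/policy.<version> assume the standard SELinux layout.

```shell
#!/bin/sh
# check_policy_store ROOT  (hypothetical helper name)
# ROOT is an installed system's "/" or a directory where the image's root
# filesystem is mounted. Returns 0 if the policy files are present,
# 1 if a policy file is missing, 2 if the SELinux config is unusable.
check_policy_store() {
    root=${1:-/}
    conf="$root/etc/selinux/config"
    if [ ! -r "$conf" ]; then
        echo "missing: $conf"
        return 2
    fi
    # SELINUXTYPE names the policy directory (e.g. targeted); skip comments.
    ptype=$(sed -n 's/^[[:space:]]*SELINUXTYPE=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$conf" | tail -n 1)
    if [ -z "$ptype" ]; then
        echo "no SELINUXTYPE set in $conf"
        return 2
    fi
    base="$root/etc/selinux/$ptype"
    result=0
    # The file libsemanage failed to open in the error quoted in the thread.
    kern="$base/modules/active/policy.kern"
    if [ -s "$kern" ]; then
        echo "ok: $kern"
    else
        echo "missing or empty: $kern"
        result=1
    fi
    # The binary policy the kernel loads at boot: policy/policy.<version>.
    found=0
    for f in "$base"/policy/policy.*; do
        if [ -s "$f" ]; then
            echo "ok: $f"
            found=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "missing: $base/policy/policy.<version>"
        result=1
    fi
    return "$result"
}

# Run against a path given on the command line, e.g. a mounted image root.
if [ "$#" -gt 0 ]; then
    check_policy_store "$1"
fi
```

A return value of 1 with policy.kern reported missing matches the situation in the quoted error: the policy package's files did not end up in the image's module store.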