Re: SELinux "upgrade" issues

>> See if you can use sesearch/seinfo to search for the access that the
>> kernel is not using.
>>
> Right, thanks, I'll do that!
sesearch did *not* work - I've had a fatal error (something about 
"invalid dom used" or something) - that was simply because I was using 
the old version of setools (the one coming with FC13). I then thought, 
rather naively as it turned out, that I would be able to recompile the 
setools set of packages as easily as I did the rest during the weekend. 
How wrong was I!

I've spent about 5 hours applying the most dirty and hideous hacks I 
haven't used since my university days, but in the end *all* setools 
packages were forced into submission and asked, not-so-politely, to use 
and link to python3 instead of the version I have on my FC13 system 
(2.6.4), thus bypassing the python 2.7 requirement for compilation and 
build.

After I installed the relevant setools-* packages, I executed sesearch 
again. It ran OK this time, but returned no matches - unsurprising, 
given that the kernel was complaining of lack of these in the policy.

Then I decided to recompile the policy again - from source - and during 
the build I realised the cause of these kernel errors: I installed my 
libsemanage packages *after* I had built and installed the new SELinux 
policy, which means that the selinux-policy-* packages were built and 
installed using my old libsemanage packages (the ones coming with FC13).

I also remembered that I had a weird error when I tried to install 
selinux-policy-targeted (something about 
libsemanage.semanage_link_sandbox: Link packages failed - No such file 
or directory), though I did not pay attention to it at the time as the 
package was installed "correctly".

When I recompiled and installed the policy again (though I had to bump 
the version number from 26 to 27 to prevent rpm screaming at me) using 
the new version of all conceivable SELinux packages, bar the gui ones, 
all went well. During installation of selinux-policy-targeted I even had 
my system relabelled (that was missing with the previous run - probably 
because of the error I got), and at the end everything was completed 
without any errors.

When I subsequently rebooted and checked my syslog again - the kernel 
errors were gone! Problem solved!

Now I have the rather unpleasant task of upgrading my own customised 
policy from the FC13 to FC15 version. Are there any changes from FC13 to 
FC15 in terms of the language syntax or anything else I need to be aware 
of before I start?
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
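
An added example, not part of the original post: one way to spot the ordering problem described in the message above (selinux-policy-* packages installed before the libsemanage packages they should have been linked with), by comparing rpm install timestamps. The function name `stale_policy_pkgs` and the sample data are constructed, and the check assumes that rpm's INSTALLTIME values reflect the order in which the packages were actually put on the system.

```shell
#!/bin/sh
# Added example (not from the original post).
# Input on stdin: one "NAME INSTALLTIME" pair per line, i.e. the output of
#   rpm -qa --qf '%{NAME} %{INSTALLTIME}\n'
# Output: every selinux-policy* package that was installed before the
# newest libsemanage* package, sorted by name. Such packages had their
# policy store linked by an older libsemanage and should be reinstalled.
stale_policy_pkgs() {
    awk '
        # Track the most recent install time of any libsemanage package.
        $1 ~ /^libsemanage/    { if ($2 + 0 > newest) newest = $2 + 0 }
        # Remember the install time of every policy package.
        $1 ~ /^selinux-policy/ { policy[$1] = $2 + 0 }
        END {
            for (p in policy)
                if (policy[p] < newest) print p
        }
    ' | sort
}

# Constructed sample: policy packages installed first, libsemanage later.
SAMPLE_BAD='libsemanage 1306000500
libsemanage-python 1306000510
selinux-policy 1306000100
selinux-policy-targeted 1306000120
setools-console 1306000900'

# Constructed sample: same packages, policy reinstalled after libsemanage.
SAMPLE_GOOD='libsemanage 1306000500
libsemanage-python 1306000510
selinux-policy 1306002000
selinux-policy-targeted 1306002050
setools-console 1306000900'

echo "Installed before libsemanage (bad sample):"
printf '%s\n' "$SAMPLE_BAD" | stale_policy_pkgs
echo "Installed before libsemanage (good sample):"
printf '%s\n' "$SAMPLE_GOOD" | stale_policy_pkgs
```

On a live system, pipe the `rpm -qa --qf` command shown in the comment into `stale_policy_pkgs`; empty output means no policy package predates the installed libsemanage.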

