On 06/20/2011 07:27 PM, Mr Dash Four wrote:
>
>>> See if you can use sesearch/seinfo to search for the access that the
>>> kernel is not using.
>>>
>> Right, thanks, I'll do that!
> sesearch did *not* work - I've had a fatal error (something about
> "invalid dom used" or something) - that was simply because I was using
> the old version of setools (the one coming with FC13). I then thought,
> rather naively as it turned out, that I would be able to recompile the
> setools set of packages as easily as I did the rest during the weekend.
> How wrong was I!
>
> I've spent about 5 hours applying the most dirty and hideous hacks I
> haven't used since my university days, but in the end *all* setools
> packages were forced into submission and asked, not-so-politely, to use
> and link to python3 instead of the version I have on my FC13 system
> (2.6.4), thus bypassing the python 2.7 requirement for compilation and
> build.
>
> After I installed the relevant setools-* packages, I executed sesearch
> again. It ran OK this time, but returned no matches - unsurprising,
> given that the kernel was complaining of lack of these in the policy.
>
> Then I decided to recompile the policy again - from source - and during
> the build I realised the cause of these kernel errors: I installed my
> libsemanage packages *after* I had built and installed the new SELinux
> policy, which means that the selinux-policy-* packages were built and
> installed using my old libsemanage packages (the one coming with FC13).
>
> I also remembered that I had a weird error when I tried to install
> selinux-policy-targeted (something about
> libsemanage.semanage_link_sandbox: Link packages failed - No such file
> or directory), though I did not pay attention to it at the time as the
> package was installed "correctly".
>
> When I recompiled and installed the policy again (though I had to bump
> the version number from 26 to 27 to prevent rpm screaming at me) using
> the new version of all conceivable SELinux packages, bar the gui ones,
> all went well, during installation of selinux-policy-targeted I even had
> my system relabelled (that was missing with the previous run - probably
> because of the error I've got) and at the end everything was completed
> without any errors.
>
> When I subsequently rebooted and checked my syslog again - the kernel
> errors were gone! Problem solved!
>
> Now I have the rather unpleasant task of upgrading my own customised
> policy from the FC13 to FC15 version. Are there any changes from FC13 to
> FC15 in terms of the language syntax or anything else I need to be aware
> of before I start?

Not that I recall. F16 will add new stuff.

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux