Hi List
I am trying to install a set of SELinux rule definitions (a policy module), but when I run
# semanage -i ./puppetmaster.pp
to install the rules, I get the following error message:
/usr/sbin/semanage: utf8
I get exit code 1, and my module does not load.
My system is RHEL 6.3 with latest updates.
It is in the 'en_US.UTF-8' locale.
What does this error message mean?
I have tried various LANG env var changes, but can't get the rules to load.
This is the '.te' file which compiles successfully into the 'puppetmaster.pp' file:
# Local policy module "puppetmaster", version 1.0. It adds allow rules for three
# source domains (certmonger_t, httpd_passenger_helper_t, httpd_t) against
# puppet-labelled files and directories, a user pty, and proc_net_t.
# The "#!!!!" annotations below look like audit2allow output, i.e. the rules
# were presumably generated from logged denials; review each one before loading
# it, since a generated rule grants whatever was denied, not what is needed.
# NOTE(review): a compiled module package (.pp) is loaded with
# `semodule -i puppetmaster.pp`. `semanage -i` expects a text file of semanage
# commands, so handing it the binary .pp would explain a decoding error.
# Confirm against the semanage man page on this release.
module puppetmaster 1.0;
# Types, classes and permissions this module expects the loaded policy to
# provide already. Every permission used in a rule below is listed here.
require {
type httpd_passenger_helper_t;
type puppet_var_run_t;
type puppet_log_t;
type puppet_var_lib_t;
type user_devpts_t;
type httpd_t;
type proc_net_t;
type certmonger_t;
class file { rename setattr relabelfrom create write read getattr relabelto open };
class dir { search setattr relabelfrom create write read getattr rmdir remove_name relabelto add_name };
class chr_file { read write };
}
#============= certmonger_t ==============
#!!!! The source type 'certmonger_t' can write to a 'dir' of the following types:
# certmonger_var_lib_t, certmonger_var_run_t, cert_t, dirsrv_config_t, var_lib_t, var_run_t, root_t
# Lets certmonger_t search, add entries to and write directories labelled
# puppet_var_lib_t.
# NOTE(review): the annotation above lists types certmonger_t can already write.
# If the target is a certificate directory, labelling that path with one of
# those types may be narrower than opening all puppet_var_lib_t content.
# Confirm which path triggered the denial.
allow certmonger_t puppet_var_lib_t:dir { write search getattr add_name };
#!!!! The source type 'certmonger_t' can write to a 'file' of the following types:
# certmonger_var_lib_t, certmonger_var_run_t, cert_t, dirsrv_config_t, root_t
# Lets certmonger_t create, read and write files labelled puppet_var_lib_t.
allow certmonger_t puppet_var_lib_t:file { write read create open getattr };
#============= httpd_passenger_helper_t ==============
# Read/write access to a user pseudo-terminal (user_devpts_t).
# NOTE(review): this kind of denial often comes from a terminal descriptor
# inherited when the service is started from an interactive shell. If the
# helper does not need the tty, a dontaudit rule is safer than an allow.
# Verify the cause before keeping this rule.
allow httpd_passenger_helper_t user_devpts_t:chr_file { read write };
#============= httpd_t ==============
# All rules in this section apply to every process running in httpd_t, not only
# the Passenger-hosted application.
# Read-only access to files labelled proc_net_t.
allow httpd_t proc_net_t:file { read getattr open };
#!!!! The source type 'httpd_t' can write to a 'dir' of the following types:
# httpd_log_t, dirsrv_config_t, httpd_tmp_t, dirsrvadmin_tmp_t, httpd_cache_t, httpd_tmpfs_t, httpd_squirrelmail_t, dirsrv_var_log_t, zarafa_var_lib_t, dirsrv_var_run_t, httpd_var_run_t, dirsrvadmin_config_t, squirrelmail_spool_t, passenger_var_run_t, httpdcontent, httpd_cobbler_rw_content_t, httpd_munin_rw_content_t, httpd_bugzilla_rw_content_t, httpd_cvs_rw_content_t, httpd_git_rw_content_t, httpd_sys_rw_content_t, httpd_sys_rw_content_t, httpd_nagios_rw_content_t, httpd_nutups_cgi_rw_content_t, httpd_apcupsd_cgi_rw_content_t, httpd_mediawiki_rw_content_t, httpd_squid_rw_content_t, httpd_smokeping_cgi_rw_content_t, httpd_prewikka_rw_content_t, httpd_dirsrvadmin_rw_content_t, httpd_w3c_validator_rw_content_t, httpd_awstats_rw_content_t, httpd_user_rw_content_t
# Lets httpd_t add entries to puppet_log_t directories and change their attributes.
allow httpd_t puppet_log_t:dir { write add_name setattr };
# Lets httpd_t create and write puppet_log_t files, and relabel files from and
# to that type. Relabel permissions let the web server domain change security
# labels, so keep relabelfrom/relabelto only if a denial showed they are needed.
allow httpd_t puppet_log_t:file { write relabelfrom create relabelto };
# Full directory management under puppet_var_lib_t for httpd_t: create, remove,
# add and remove entries, set attributes, relabel.
allow httpd_t puppet_var_lib_t:dir { setattr relabelfrom create write read rmdir relabelto remove_name add_name };
# Create, write, rename and setattr on puppet_var_lib_t files. read/open/getattr
# are not granted here; presumably other policy already allows them. Verify
# with sesearch.
allow httpd_t puppet_var_lib_t:file { write rename create setattr };
# Lookup-only access (search, getattr) to puppet_var_run_t directories.
allow httpd_t puppet_var_run_t:dir { search getattr };
thanks,
Gordon
Gordon Grant