Hi Gordon,

if you wanted to load the policy module into memory, here is the command:

# semodule -i ./puppetmaster.pp

Milos

----- Original Message -----
> Hi List
>
> I am trying to install a set of selinux rule definitions, but when I run
>
> # semanage -i ./puppetmaster.pp
>
> to install the rules, I get the following error message:
>
> /usr/sbin/semanage: utf8
>
> I get exit code 1, and my module does not load.
>
> My system is RHEL 6.3 with latest updates.
>
> It is in the 'en_US.UTF-8' locale.
>
> What does this error message mean?
>
> I have tried various LANG env var changes, but can't get the rules to load.
>
> This is the '.te' file which compiles successfully into the
> 'puppetmaster.pp' file:
>
> module puppetmaster 1.0;
>
> require {
>     type httpd_passenger_helper_t;
>     type puppet_var_run_t;
>     type puppet_log_t;
>     type puppet_var_lib_t;
>     type user_devpts_t;
>     type httpd_t;
>     type proc_net_t;
>     type certmonger_t;
>     class file { rename setattr relabelfrom create write read getattr relabelto open };
>     class dir { search setattr relabelfrom create write read getattr rmdir remove_name relabelto add_name };
>     class chr_file { read write };
> }
>
> #============= certmonger_t ==============
> #!!!! The source type 'certmonger_t' can write to a 'dir' of the following types:
> # certmonger_var_lib_t, certmonger_var_run_t, cert_t, dirsrv_config_t, var_lib_t, var_run_t, root_t
>
> allow certmonger_t puppet_var_lib_t:dir { write search getattr add_name };
> #!!!! The source type 'certmonger_t' can write to a 'file' of the following types:
> # certmonger_var_lib_t, certmonger_var_run_t, cert_t, dirsrv_config_t, root_t
>
> allow certmonger_t puppet_var_lib_t:file { write read create open getattr };
>
> #============= httpd_passenger_helper_t ==============
> allow httpd_passenger_helper_t user_devpts_t:chr_file { read write };
>
> #============= httpd_t ==============
> allow httpd_t proc_net_t:file { read getattr open };
> #!!!! The source type 'httpd_t' can write to a 'dir' of the following types:
> # httpd_log_t, dirsrv_config_t, httpd_tmp_t, dirsrvadmin_tmp_t, httpd_cache_t, httpd_tmpfs_t, httpd_squirrelmail_t, dirsrv_var_log_t, zarafa_var_lib_t, dirsrv_var_run_t, httpd_var_run_t, dirsrvadmin_config_t, squirrelmail_spool_t, passenger_var_run_t, httpdcontent, httpd_cobbler_rw_content_t, httpd_munin_rw_content_t, httpd_bugzilla_rw_content_t, httpd_cvs_rw_content_t, httpd_git_rw_content_t, httpd_sys_rw_content_t, httpd_sys_rw_content_t, httpd_nagios_rw_content_t, httpd_nutups_cgi_rw_content_t, httpd_apcupsd_cgi_rw_content_t, httpd_mediawiki_rw_content_t, httpd_squid_rw_content_t, httpd_smokeping_cgi_rw_content_t, httpd_prewikka_rw_content_t, httpd_dirsrvadmin_rw_content_t, httpd_w3c_validator_rw_content_t, httpd_awstats_rw_content_t, httpd_user_rw_content_t
>
> allow httpd_t puppet_log_t:dir { write add_name setattr };
> allow httpd_t puppet_log_t:file { write relabelfrom create relabelto };
> allow httpd_t puppet_var_lib_t:dir { setattr relabelfrom create write read rmdir relabelto remove_name add_name };
> allow httpd_t puppet_var_lib_t:file { write rename create setattr };
> allow httpd_t puppet_var_run_t:dir { search getattr };
>
> thanks,
> Gordon
>
> --
> Gordon Grant
>
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
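
An added example (not part of the original thread and not code from any SELinux tool): a small Python parser for the allow rules in an audit2allow-style '.te' file like the one quoted above, listing the rules that grant relabel or attribute-changing permissions so they can be reviewed before the module is loaded with semodule. The sample policy text is constructed, and the set of permissions to review is an assumption of this example.

```python
import re

# Constructed sample: a few rules in the style of the module quoted above.
SAMPLE_TE = """\
module puppetmaster 1.0;

require {
    type httpd_t;
    type puppet_log_t;
    type proc_net_t;
    class file { read getattr open write relabelfrom create relabelto };
    class dir { write add_name setattr };
}

#!!!! The source type 'httpd_t' can write to a 'dir' of the following types:
# httpd_log_t, httpd_tmp_t
allow httpd_t proc_net_t:file { read getattr open };
allow httpd_t puppet_log_t:dir { write add_name setattr };
allow httpd_t puppet_log_t:file { write relabelfrom create relabelto
};
"""

# Assumption of this example: permissions a reviewer wants to look at first.
REVIEW_PERMS = {"relabelfrom", "relabelto", "setattr", "rename"}

# Matches rules with a single source and target type, as audit2allow emits;
# the permission part is either one name or a brace-enclosed set.
ALLOW_RE = re.compile(
    r"\ballow\s+(\S+)\s+(\S+?)\s*:\s*(\S+)\s+(\{[^}]*\}|\S+)\s*;")

def parse_allow_rules(te_text):
    """Return (source, target, class, perms) tuples for each allow rule."""
    # Drop comments first so audit2allow's '#!!!!' notes are not parsed.
    body = "\n".join(line.split("#", 1)[0] for line in te_text.splitlines())
    rules = []
    for src, tgt, cls, perms in ALLOW_RE.findall(body):
        rules.append((src, tgt, cls, frozenset(perms.strip("{}").split())))
    return rules

def rules_to_review(rules, review=REVIEW_PERMS):
    """Keep only rules granting a permission from the review set."""
    return [(s, t, c, sorted(p & review)) for s, t, c, p in rules if p & review]

if __name__ == "__main__":
    for s, t, c, hits in rules_to_review(parse_allow_rules(SAMPLE_TE)):
        print(f"{s} -> {t}:{c} grants {' '.join(hits)}")
```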