Hi David,
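Do you not need to compile the module with checkmodule(8) and then package it with semodule_package(8) into a .pp file before importing it?
I don't think semodule can import a type enforcement (.te) file directly, unless that is new in Fedora 19? The error points the same way: the "got 0x75646f6d" value is the ASCII bytes "modu" (the start of the .te source text) read as a little-endian integer, so semodule was handed policy source rather than a binary module package. Something like `checkmodule -M -m -o my_sosreport.mod my_sosreport.te`, then `semodule_package -o my_sosreport.pp -m my_sosreport.mod`, then `semodule -i my_sosreport.pp` should get past it.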
Cheers,
Tony
On Sun, Aug 11, 2013 at 3:06 AM, David Highley <dhighley@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
After upgrading from Fedora 18 to Fedora 19 with fedup, I'm
getting the following error when trying to install a local policy module
to fix some AVC denials:
semodule -i *.te
libsepol.module_package_read_offsets: wrong magic number for module
package: expected 0xf97cff8f, got 0x75646f6d
libsemanage.parse_module_headers: Could not parse module data.
semodule: Failed on my_sosreport.te!
The te file looks like this:
module my_sosreport 1.0;
require {
type sosreport_t;
type configfs_t;
type devpts_t;
type initctl_t;
class chr_file { getattr };
class dir { getattr };
class fifo_file { getattr };
}
#============= sosreport_t ==============
allow sosreport_t configfs_t:dir getattr;
allow sosreport_t devpts_t:chr_file getattr;
allow sosreport_t initctl_t:fifo_file getattr;
The audit AVC records look like the following:
----
time->Sat Aug 10 16:38:22 2013
type=SYSCALL msg=audit(1376177902.497:110): arch=c000003e syscall=16
success=no exit=-65 a0=3 a1=8940 a2=7fff72ed5bf0 a3=7fff72ed59a0
items=0 ppid=3710 pid=3736 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="brctl"
exe="/usr/sbin/brctl" subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023
key=(null)
type=AVC msg=audit(1376177902.497:110): avc: denied { module_request } for
pid=3736 comm="brctl" kmod="bridge"
scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:system_r:kernel_t:s0 tclass=system
----
time->Sat Aug 10 16:38:22 2013
type=SYSCALL msg=audit(1376177902.968:111): arch=c000003e syscall=6
success=no exit=-13 a0=7fff425f9af0 a1=1dcd140 a2=1dcd140 a3=fffff800
items=0 ppid=3710 pid=3764 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="ls"
exe="/usr/bin/ls" subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023
key=(null)
type=AVC msg=audit(1376177902.968:111): avc: denied { getattr } for
pid=3764 comm="ls" path="/dev/initctl" dev="devtmpfs" ino=8906
scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:object_r:initctl_t:s0 tclass=fifo_file
----
----
time->Sat Aug 10 16:38:22 2013
type=SYSCALL msg=audit(1376177902.980:112): arch=c000003e syscall=6
success=no exit=-13 a0=7fff425f9af0 a1=1ddbb30 a2=1ddbb30 a3=fffffff8
items=0 ppid=3710 pid=3764 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="ls"
exe="/usr/bin/ls" subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023
key=(null)
type=AVC msg=audit(1376177902.980:112): avc: denied { getattr } for
pid=3764 comm="ls" path="/dev/pts/ptmx" dev="devpts" ino=2
scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
----
time->Sat Aug 10 16:38:23 2013
type=SYSCALL msg=audit(1376177903.375:113): arch=c000003e syscall=4
success=no exit=-13 a0=2051cb0 a1=7fff82adf0c0 a2=7fff82adf0c0 a3=0
items=0 ppid=3710 pid=3772 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="df"
exe="/usr/bin/df" subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023
key=(null)
type=AVC msg=audit(1376177903.375:113): avc: denied { getattr } for
pid=3772 comm="df" path="/sys/fs/pstore" dev="pstore" ino=9238
scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:object_r:pstorefs_t:s0 tclass=dir
----
time->Sat Aug 10 16:38:23 2013
type=SYSCALL msg=audit(1376177903.408:114): arch=c000003e syscall=4
success=no exit=-13 a0=2052470 a1=7fff82adf0c0 a2=7fff82adf0c0 a3=0
items=0 ppid=3710 pid=3772 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="df"
exe="/usr/bin/df" subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023
key=(null)
type=AVC msg=audit(1376177903.408:114): avc: denied { getattr } for
pid=3772 comm="df" path="/sys/kernel/config" dev="configfs" ino=15409
scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:object_r:configfs_t:s0 tclass=dir
----
time->Sat Aug 10 16:38:24 2013
type=SYSCALL msg=audit(1376177904.575:115): arch=c000003e syscall=41
success=no exit=-13 a0=10 a1=80803 a2=f a3=d2be50 items=0 ppid=3710
pid=3803 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 ses=4294967295 tty=(none) comm="lsusb" exe="/usr/bin/lsusb"
subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1376177904.575:115): avc: denied { create } for
pid=3803 comm="lsusb"
scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
tclass=netlink_kobject_uevent_socket