"Tony Scully wrote:" > > --089e0160d2f49b37d404e3a840f9 > Content-Type: text/plain; charset=ISO-8859-1 > > Hi David, > > Do you not need to compile the module with checkmodule(8) then package with > semodule_package(8) into a .pp file before importing it? Oops, egg on face. I did compile but miss type when trying to install. Typing ever the bain. > > I don't think semodule can import a type enforcement (.te) file directly? > Unless this is new to Fedora19? > > Cheers, > Tony > > > On Sun, Aug 11, 2013 at 3:06 AM, David Highley < > dhighley@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > > > After doing a fedup upgrade process from Fedora 18 to Fedora 19 I'm > > getting the following error when trying to install a local policy to fix > > some avc issue: > > semodule -i *.te > > libsepol.module_package_read_offsets: wrong magic number for module > > package: expected 0xf97cff8f, got 0x75646f6d > > libsemanage.parse_module_headers: Could not parse module data. > > semodule: Failed on my_sosreport.te! > > > > The te file looks like this: > > module my_sosreport 1.0; > > > > require { > > type sosreport_t; > > type configfs_t; > > type devpts_t; > > type initctl_t; > > class chr_file { getattr }; > > class dir { getattr }; > > class fifo_file { getattr }; > > } > > > > #============= sosreport_t ============== > > allow sosreport_t configfs_t:dir getattr; > > allow sosreport_t devpts_t:chr_file getattr; > > allow sosreport_t initctl_t:fifo_file getattr; > > > > The audit avc look like the following: > > ---- > > time->Sat Aug 10 16:38:22 2013 > > type=SYSCALL msg=audit(1376177902.497:110): arch=c000003e syscall=16 > > success=no > > exit=-65 a0=3 a1=8940 a2=7fff72ed5bf0 a3=7fff72ed59a0 items=0 ppid=3710 > > pid=3736 > > auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 > > ses=429 > > 4967295 tty=(none) comm="brctl" exe="/usr/sbin/brctl" > > subj=system_u:system_r:sos > > report_t:s0-s0:c0.c1023 key=(null) > > type=AVC msg=audit(1376177902.497:110): avc: denied 
{ module_request } > > for pi > > d=3736 comm="brctl" kmod="bridge" > > scontext=system_u:system_r:sosreport_t:s0-s0:c > > 0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=system > > ---- > > time->Sat Aug 10 16:38:22 2013 > > type=SYSCALL msg=audit(1376177902.968:111): arch=c000003e syscall=6 > > success=no e > > xit=-13 a0=7fff425f9af0 a1=1dcd140 a2=1dcd140 a3=fffff800 items=0 > > ppid=3710 pid= > > 3764 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 > > fsgid=0 ses > > =4294967295 tty=(none) comm="ls" exe="/usr/bin/ls" > > subj=system_u:system_r:sosrep > > ort_t:s0-s0:c0.c1023 key=(null) > > type=AVC msg=audit(1376177902.968:111): avc: denied { getattr } for > > pid=3764 > > comm="ls" path="/dev/initctl" dev="devtmpfs" ino=8906 > > scontext=system_u:system_r > > :sosreport_t:s0-s0:c0.c1023 tcontext=system_u:object_r:initctl_t:s0 > > tclass=fifo_ > > file > > ---- > > ---- > > time->Sat Aug 10 16:38:22 2013 > > type=SYSCALL msg=audit(1376177902.980:112): arch=c000003e syscall=6 > > success=no exit=-13 a0=7fff425f9af0 a1=1ddbb30 a2=1ddbb30 a3=fffffff8 > > items=0 ppid=3710 pid=3764 auid=4294967295 uid=0 gid=0 euid=0 suid=0 > > fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="ls" > > exe="/usr/bin/ls" subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 > > key=(null) > > type=AVC msg=audit(1376177902.980:112): avc: denied { getattr } for > > pid=3764 comm="ls" path="/dev/pts/ptmx" dev="devpts" ino=2 > > scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 > > tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file > > ---- > > time->Sat Aug 10 16:38:23 2013 > > type=SYSCALL msg=audit(1376177903.375:113): arch=c000003e syscall=4 > > success=no exit=-13 a0=2051cb0 a1=7fff82adf0c0 a2=7fff82adf0c0 a3=0 > > items=0 ppid=3710 pid=3772 auid=4294967295 uid=0 gid=0 euid=0 suid=0 > > fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="df" > > exe="/usr/bin/df" subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 > > key=(null) > > 
type=AVC msg=audit(1376177903.375:113): avc: denied { getattr } for > > pid=3772 comm="df" path="/sys/fs/pstore" dev="pstore" ino=9238 > > scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 > > tcontext=system_u:object_r:pstorefs_t:s0 tclass=dir > > ---- > > time->Sat Aug 10 16:38:23 2013 > > type=SYSCALL msg=audit(1376177903.408:114): arch=c000003e syscall=4 > > success=no exit=-13 a0=2052470 a1=7fff82adf0c0 a2=7fff82adf0c0 a3=0 > > items=0 ppid=3710 pid=3772 auid=4294967295 uid=0 gid=0 euid=0 suid=0 > > fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="df" > > exe="/usr/bin/df" subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 > > key=(null) > > type=AVC msg=audit(1376177903.408:114): avc: denied { getattr } for > > pid=3772 comm="df" path="/sys/kernel/config" dev="configfs" ino=15409 > > scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 > > tcontext=system_u:object_r:configfs_t:s0 tclass=dir > > ---- > > time->Sat Aug 10 16:38:24 2013 > > type=SYSCALL msg=audit(1376177904.575:115): arch=c000003e syscall=41 > > success=no exit=-13 a0=10 a1=80803 a2=f a3=d2be50 items=0 ppid=3710 > > pid=3803 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 > > fsgid=0 ses=4294967295 tty=(none) comm="lsusb" exe="/usr/bin/lsusb" > > subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null) > > type=AVC msg=audit(1376177904.575:115): avc: denied { create } for > > pid=3803 comm="lsusb" > > scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 > > tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023 > > tclass=netlink_kobject_uevent_socket > > > > -- > > selinux mailing list > > selinux@xxxxxxxxxxxxxxxxxxxxxxx > > https://admin.fedoraproject.org/mailman/listinfo/selinux > > --089e0160d2f49b37d404e3a840f9 > Content-Type: text/html; charset=ISO-8859-1 > Content-Transfer-Encoding: quoted-printable > > <div dir=3D"ltr">Hi David,<div><br></div><div style>Do you not need to comp= > ile the module with checkmodule(8) then package with semodule_package(8) 
--
Regards,
David Highley
Highley Recommended, Inc.
Phone: (206) 669-0081
2927 SW 339th Street
WEB: http://www.highley-recommended.com
Federal Way, WA 98023-7732
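
The compile, package and install sequence Tony describes, with a check for the magic number from the quoted libsepol error, as an added example that is not part of the original thread. The function names `magic_of`, `is_policy_package` and `install_local_module` are illustrative and not part of any SELinux tool.

```shell
#!/bin/sh
# Added example; helper names are hypothetical.

# Print the first four bytes of a file as the little-endian 32-bit value
# that libsepol reports in its "wrong magic number" error.
# For a .te file starting with "module ..." this yields 0x75646f6d,
# i.e. the ASCII bytes "modu" read little-endian.
magic_of() {
    # od prints the bytes in file order; reverse them for little-endian.
    set -- $(od -An -tx1 -N4 "$1")
    [ $# -eq 4 ] || return 1      # missing or shorter than four bytes
    printf '0x%s%s%s%s\n' "$4" "$3" "$2" "$1"
}

# Succeeds only for a packaged module (.pp), using the "expected" value
# from the error message in the thread.
is_policy_package() {
    [ "$(magic_of "$1")" = "0xf97cff8f" ]
}

# Compile, package and install a .te source, refusing to call semodule
# on anything that is not a real package. Needs checkmodule,
# semodule_package and semodule, and root for the last step.
install_local_module() {
    te=$1
    base=${te%.te}
    if is_policy_package "$te"; then
        echo "$te is already a package; pass it to semodule -i directly" >&2
        return 1
    fi
    checkmodule -M -m -o "$base.mod" "$te" || return 1
    semodule_package -o "$base.pp" -m "$base.mod" || return 1
    is_policy_package "$base.pp" || return 1
    semodule -i "$base.pp"
}
```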