Dear all,

Let me begin by saying the SELinux installation I currently use is non-standard. The platform I work on officially only supports seedit for creating policies; however, I simply prefer writing them by hand. Also, I don't have a GUI. I downloaded the RPM selinux-policy and installed it, providing the necessary files in /usr/share/selinux/devel for compiling the policies. The compilation of policies works; installing them with semodule doesn't. The following error is produced:

[CODE]
root@_________:/root/thales_logging> make -f /usr/share/selinux/devel/Makefile thales_logging.pp
Compiling wr-standard thales_logging module
/usr/bin/checkmodule: loading policy configuration from tmp/thales_logging.tmp
/usr/bin/checkmodule: policy configuration loaded
/usr/bin/checkmodule: writing binary representation (version 10) to tmp/thales_logging.mod
Creating wr-standard thales_logging.pp policy package
rm tmp/thales_logging.mod tmp/thales_logging.mod.fc
root@_________:/root/thales_logging> semodule -i thales_logging.pp
libsepol.permission_copy_callback: Module thales_logging depends on permission audit_access in class dir, not satisfied (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule: Failed!
[/CODE]

What does this error mean? The system is running Wind River Linux. I have to write the log files to a file under /opt (non-ramdisk), which is labeled with usr_t. The directories inside /opt have the proper labels.

Below is the .te file:

[CODE]
policy_module(thales_logging, 0.1)

########################################
#
# Declarations
#

gen_require(`
    type usr_t;
    type auditctl_t;
    type syslogd_t;
    type var_log_t;
    type audit_log_t;
    type syslogd_initrc_exec_t;
')

########################################
#
# thales_logging local policy
#

allow auditctl_t usr_t:dir { getattr ioctl read search };
allow auditctl_t usr_t:lnk_file { getattr ioctl read };
#allow syslogd_t usr_t:dir { getattr ioctl read search };
[/CODE]

The .fc file:

[CODE]
/etc/init.d/syslog-ng    --    gen_context(system_u:object_r:syslogd_initrc_exec_t,s0)
/opt/platform_log(/.*)?    gen_context(system_u:object_r:var_log_t,s0)
/opt/platform_log/audit(/.*)?    gen_context(system_u:object_r:audit_log_t,s0)
[/CODE]

No .if is present; the one generated when compiling is empty.

Thanks in advance,
Jeroen
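Added example, not part of the original post: a Python triage helper that pulls the unmet permission out of the `semodule` output quoted above and checks whether any hand-written `allow` rule in the posted .te file names it. The sample strings are copied from the post; the function names are hypothetical, and the rule parser assumes single-identifier source and target types as in the posted rules.

```python
import re

# Layout of the libsepol message quoted in the post; other link errors are not matched.
UNMET = re.compile(
    r"Module\s+(\S+)\s+depends\s+on\s+permission\s+(\w+)\s+in\s+class\s+(\w+),\s+not\s+satisfied"
)
# allow <source> <target>:<class or {classes}> <perm or {perms}>;
ALLOW = re.compile(
    r"^\s*allow\s+(\S+)\s+(\S+?)\s*:\s*(\w+|\{[^}]*\})\s+(\w+|\{[^}]*\})\s*;", re.M
)

# Copied from the post (terminal output, wrapped as a capture might be).
SEMODULE_OUTPUT = """\
libsepol.permission_copy_callback: Module thales_logging depends on permission
audit_access in class dir, not satisfied (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule: Failed!
"""

# The allow rules from the posted .te file, including the commented-out one.
TE_RULES = """\
allow auditctl_t usr_t:dir { getattr ioctl read search };
allow auditctl_t usr_t:lnk_file { getattr ioctl read };
#allow syslogd_t usr_t:dir { getattr ioctl read search };
"""

def unmet_permissions(output):
    """Return sorted (module, class, permission) tuples the linker could not satisfy."""
    text = " ".join(output.split())  # tolerate wrapped terminal captures
    return sorted({(m.group(1), m.group(3), m.group(2)) for m in UNMET.finditer(text)})

def _names(token):
    """Turn 'dir' or '{ dir file }' into a set of identifiers."""
    return set(token.strip("{} ").split())

def rules_naming(te_source, cls, perm):
    """Return the active (non-commented) allow rules that grant perm on cls."""
    active = "\n".join(
        line for line in te_source.splitlines() if not line.lstrip().startswith("#")
    )
    return [m.group(0).strip() for m in ALLOW.finditer(active)
            if cls in _names(m.group(3)) and perm in _names(m.group(4))]

def triage(output, te_source):
    """Map each unmet dependency to the local rules that use it (empty list: none do)."""
    return {dep: rules_naming(te_source, dep[1], dep[2])
            for dep in unmet_permissions(output)}
```

An empty list for a dependency means none of the hand-written `allow` rules names that permission, so the requirement entered the module through macro expansion from the development headers at build time rather than through the local rules.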