Re: libsemanage.semanage_install_active: error during semodule -n -v -b base.pp -s refpolicy

[Vikram Ambrose <Vikram.Ambrose@xxxxxxxxxxxxx>]

Stephen Smalley wrote:
> On Thu, 2008-06-12 at 13:35 -0400, Vikram Ambrose wrote:
>   
> > Stephen Smalley wrote:
> >     
> > > On Thu, 2008-06-12 at 10:43 -0400, Vikram Ambrose wrote:
> > >   
> > >       
> > > > During the "make load" procedure with refpolicy, the semodule command 
> > > > fails, so I tried it manually and I see this error.
> > > >
> > > > root@ubuntu:/home/vikram/refpolicy-ac# semodule -b 
> > > > /usr/share/selinux/refpolicy/base.pp -s refpolicy -v -n
> > > > Attempting to install base module '/usr/share/selinux/refpolicy/base.pp':
> > > > Ok: return value of 0.
> > > > Committing changes:
> > > > libsemanage.semanage_install_active: setfiles returned error code 1. (No 
> > > > such file or directory).
> > > >     
> > > >         
> > > whereis setfiles
> > >
> > >   
> > >       
> > setfiles and the rest of the SELinux "toolchain" was all built from svn 
> > and placed into /hone/testing/root
> > root's environment has PATH that contains /home/testing/root/bin
> > as well as LD_LIBRARY_PATH to /home/testing/root/lib
> >
> > Does libsemanage have a hard coded path to setfiles?
> >     
>
> Yes, although it can be overridden via /etc/selinux/semanage.conf.
> Add something like:
> [setfiles]
> path = /path/to/setfiles
> [end]
>
>   
I just noticed the hard coded path in conf-parser.y
Is there a way of doing the above with a generic rule to all of the 
selinux toolchain and not specifically to "setfiles" as shown above?
...
Adding that to semanage.conf produce an almost obvious error " error 
while loading shared libraries: libsepol.so.0: cannot open shared object 
file: No such file or directory"

what sort of environment is libsemanage using to execute setfiles? 
libsepol and friends are in LD_LIBRARY_PATH

> Or you could run semodule in a chroot environment if you've set one up.
>
>   
> > > What versions are you using?  Is this with the packages included in
> > > Hardy Heron?
> > >
> > >   
> > >       
> > svn from yesterday.
> >     
>
> I see.  Are you aware that Ubuntu 8.04 has SELinux support (apt-get
> install selinux)?  Although you may still want to build a custom policy,
> as their initial default policy was minimal.
>
>   
Yes I am, this was a usability exercise of the SELinux toolchain and 
refpolicy, therefore distribution packages were not employed.

Thank you for your help Stephen.


--
Vikram Ambrose | Linux Products Division | WindRiver Corporation


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.