Re: building base policy on RHEL5


 



On Thu, 2008-10-09 at 23:19 +0200, Andy Warner wrote:

> 
> which results in the following failure:
> 
> /usr/bin/checkpolicy policy.conf -o policy.21
> /usr/bin/checkpolicy:  loading policy configuration from policy.conf
> policy/modules/services/fail2ban.te:59:ERROR 'syntax error' at token
> 'corenet_tcp_connect_whois_port' on line 439903:
>  
> corenet_tcp_connect_whois_port(fail2ban_t)
> checkpolicy:  error(s) encountered while parsing configuration
> make: *** [policy.21] Error 1

It is best to rebuild the package using the included modules.conf,
selinux-policy.spec and other files included by Red Hat in the source
rpm.

The Red Hat modules.conf does not include the fail2ban module (it will not
try to build and install that module).

The issue with that entry is that the whois port is not declared in the
corenetwork module and thus you get a syntax error.

That whole fail2ban module doesn't work; fail2ban itself has a nasty bug
(leaked file descriptor) which makes it difficult to confine with
SELinux.

I recently made a screencast that shows how to rebuild and maintain SELinux
policy using Red Hat RPMs; this may or may not be helpful for you:

http://82.197.205.60/~domg472/test.ogg

I hope this helps.



-- 
Dominick Grift <domg472@xxxxxxxxx>

Attachment: signature.asc
Description: This is a digitally signed message part
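
The failure described in the message above can be caught before running checkpolicy. The following is an added example, not part of the original post or of the reference policy build: it lists per-port `corenet_*_<name>_port` calls in enabled modules whose port has no `network_port()` declaration in corenetwork. The sample file contents, the `BUILTIN` set and all function names are assumptions constructed for illustration.

```python
import os
import re

# network_port(name, ...) lines in corenetwork.te.in generate the per-port interfaces.
PORT_DECL = re.compile(r"^\s*network_port\(\s*(\w+)", re.M)
# Calls such as corenet_tcp_connect_whois_port(fail2ban_t); plural *_ports are not matched.
PORT_CALL = re.compile(r"\b(corenet_(?:dontaudit_)?(?:tcp|udp)_"
                       r"(?:sendrecv|send|receive|bind|connect)_(\w+?)_port)\s*\(")
MODULE_STATE = re.compile(r"^\s*(\w+)\s*=\s*(base|module|off)\s*$", re.M)
# Assumption: these names are defined statically rather than through network_port().
BUILTIN = {"generic", "reserved"}

def enabled_modules(modules_conf):
    """Modules the build will compile; 'off' or absent entries are skipped."""
    return {name for name, state in MODULE_STATE.findall(modules_conf) if state != "off"}

def undeclared_port_calls(modules_conf, corenetwork_te_in, te_sources):
    """Return (path, line, interface, port) for calls that need an undeclared port."""
    known = set(PORT_DECL.findall(corenetwork_te_in)) | BUILTIN
    enabled = enabled_modules(modules_conf)
    findings = []
    for path, text in sorted(te_sources.items()):
        module = os.path.splitext(os.path.basename(path))[0]
        if module not in enabled:
            continue  # not built, so checkpolicy never sees its interface calls
        for lineno, line in enumerate(text.splitlines(), 1):
            code = line.split("#", 1)[0]  # drop policy comments
            for iface, port in PORT_CALL.findall(code):
                if port not in known:
                    findings.append((path, lineno, iface, port))
    return findings

# Constructed sample inputs (not copied from any real policy tree).
CORENETWORK_TE_IN = "network_port(smtp, tcp,25,s0)\nnetwork_port(ssh, tcp,22,s0)\n"
TE_SOURCES = {"policy/modules/services/fail2ban.te": "\n".join([
    "policy_module(fail2ban, 1.0.0)",
    "# corenet_tcp_connect_whois_port(fail2ban_t)  (commented out, ignored)",
    "corenet_tcp_connect_smtp_port(fail2ban_t)",
    "corenet_tcp_connect_whois_port(fail2ban_t)",
])}
WITH_FAIL2BAN = "ssh = module\nfail2ban = module\n"
WITHOUT_FAIL2BAN = "ssh = module\n"  # like a modules.conf that omits fail2ban

if __name__ == "__main__":
    for path, lineno, iface, port in undeclared_port_calls(
            WITH_FAIL2BAN, CORENETWORK_TE_IN, TE_SOURCES):
        print(f"{path}:{lineno}: {iface} needs network_port({port}, ...) in corenetwork")
```
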

