Is the method for rebuilding policy explained in the following guide still effective for RHEL6?

Ok, so I followed the instructions on the noted page; specifically, near the bottom. This line works to rebuild policy on RHEL6:

    make validate UNK_PERMS=allow NAME=strict TYPE=mcs DISTRO=redhat UBAC=n DIRECT_INITRC=y MONOLITHIC=n POLY=y MLS_CATS=1024 MCS_CATS=1024 base

However, if I do this, to switch the build from strict to targeted:

    cd ~/sources/BUILD/serefpolicy-VERSION
    make UNK_PERMS=allow NAME=targeted TYPE=mcs DISTRO=redhat UBAC=n DIRECT_INITRC=y MONOLITHIC=n POLY=y MLS_CATS=1024 MCS_CATS=1024 bare
    make conf
    make UNK_PERMS=allow NAME=targeted TYPE=mcs DISTRO=redhat UBAC=n DIRECT_INITRC=y MONOLITHIC=n POLY=y MLS_CATS=1024 MCS_CATS=1024 conf

...the make breaks with this error:

    Creating targeted base module base.conf
    cat tmp/pre_te_files.conf tmp/all_attrs_types.conf tmp/global_bools.conf tmp/only_te_rules.conf tmp/all_post.conf > base.conf
    Compiling targeted base module
    /usr/bin/checkmodule -M -U allow base.conf -o tmp/base.mod
    /usr/bin/checkmodule: loading policy configuration from base.conf
    policy/modules/kernel/domain.te":195:ERROR 'type selinux_config_t is not within scope' at token ';' on line 9468:
    #line 195
    dontaudit domain selinux_config_t:dir { getattr search open };
    /usr/bin/checkmodule: error(s) encountered while parsing configuration
    make: *** [tmp/base.mod] Error 1

It breaks even with a non-modified policy (i.e. install src.rpm and run this make command).

Do I need to do this, even if I only want to build a modified "targeted" version of the policy? Is it "strict" by default?

Thanks,
-Josh