Jason Axelson wrote:
Hi, I may be misunderstanding things but I think that a "new" version of checkmodule is able to create policy versions other than "latest". I know that checkpolicy accepts the -c option to create binary policies of older versions. Is there any equivalent for checkmodule? My version of checkmodule (2.0.21 I believe) when run with -V reports that it supports "Module versions 4-10", however I do not see any flags to change the compiled module policy version.
The writer is technically capable of writing old versions but we never added the option to checkmodule.
There has been little testing around building modules on a different toolchain than the target so while it is suppose to work I wouldn't really recommend it.
When I then try to load the compiled module on CentOS 5.4 with "semodule -i A.pp" it responds with: libsepol.policydb_read: policydb module version 10 does not match my version range 4-6 libsepol.sepol_module_package_read: invalid module in module package (at section 0) libsemanage.semanage_load_module: Error while reading from module file /etc/selinux/clip/modules/tmp/modules/A.pp. semodule: Failed! So it looks like checkmodule should be able to build policy version 6 which is supported by semodule on the CentOS 5.4 side. Am I misunderstanding something? My setup is using Arch Linux as the development machine so I know it isn't really "supported" per se. Thanks, Jason
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
