Re: CIL/SELinux Userspace Integration

I've found and fixed one kernel bug using this policy, but not THE
kernel bug.  Weeeee

On Wed, Dec 7, 2011 at 9:04 AM, Steve Lawrence <slawrence@xxxxxxxxxx> wrote:
> On 12/07/2011 08:54 AM, Eric Paris wrote:
>>
>> On Wed, Dec 7, 2011 at 8:32 AM, Steve Lawrence <slawrence@xxxxxxxxxx> wrote:
>>>
>>> On 12/03/2011 11:30 AM, Richard Haines wrote:
>>
>>
>>>> 5) I could not load a new policy that had a boolean and supporting
>>>>    statements in it. The actual binary policy was fine (using apol), but
>>>>    load_policy had problems. I started with a Fedora 16 base and added
>>>>    the new Integration code with no problems. Is it a known problem as
>>>>    if not I'll check further.
>>>>    The errors I had when running semodule with a boolean were (Note: I
>>>>    had already built a new base policy (SELINUXTYPE=rch-test1) with no
>>>>    problems):
>>>
>>>
>>>
>>> Hmmm, this is interesting. Both seinfo and apol are fine with my
>>> CIL-generated binary, but it fails to load when I add booleans. I also
>>> generated a similar mdp policy.conf, ran checkpolicy, and that failed to
>>> load as well. sediff also shows the two binaries to be the same.
>>>
>>> I'll look into this more, but because of that, I'm thinking this is a
>>> kernel bug. If anyone else wants to look at it, I've attached a simple
>>> file that is the standard mdp.conf with a single boolean defined, and a
>>> single conditional statement using that boolean. This builds a binary
>>> fine, and apol/seinfo have no problem with it, but it fails to load with
>>> load_policy.
>>>
>>>>
>>>>                       ------ Start --------------
>>>> # semodule -i base.cil ext_gateway.cil int_gateway.cil move_file.cil
>>>>
>>>> SELinux:  Could not load policy file
>>>> /etc/selinux/rch-test1/policy/policy.26:  No such file or directory
>>>> /sbin/load_policy:  Can't load policy:  No such file or directory
>>>>
>>>> libsemanage.semanage_reload_policy: load_policy returned error code 2. (No such file or directory).
>>>> SELinux:  Could not load policy file
>>>> /etc/selinux/rch-test1/policy/policy.26:  No such file or directory
>>>> /sbin/load_policy:  Can't load policy:  No such file or directory
>>>>
>>>> libsemanage.semanage_reload_policy: load_policy returned error code 2. (No such file or directory).
>>>> semodule:  Failed!
>>>>
>>>>                     ----- End -----------------
>>
>>
>> If you send me the policy.X in question I'll spend a couple minutes
>> figuring out what the kernel is upset about...
>
>
> policy.24 attached. Thanks.

