Re: Policy disable error

On 11/18/2016 03:18 PM, cgzones wrote:
> I think the interface apache_content_template in apache.if
> (https://github.com/TresysTechnology/refpolicy-contrib/blob/1fd3562186cda3cf90495f0dc820ea59879bde31/apache.if#L14)
> is the root of this problem.
> For example the git module is using this interface, so when loading
> git, apache is also required.
> 

I believe that the root of this problem is how refpolicy is structured.

The apache_content_template() declares types, and you cannot (properly)
declare types in optional policy.

In other words, to fix this issue and other issues related to declaring
types in templates that need to be optional, refpolicy would have to be
fundamentally restructured.

> 2016-11-13 10:49 GMT+01:00 Russell Coker <russell@xxxxxxxxxxxx>:
>> That sort of thing is a bug and should be fixed. If it can't be fixed then IMHO the Apache module should be linked in base.pp to make it explicit that it shouldn't be removed.
>>
>> On 15 September 2015 10:08:21 pm AEST, Dominick Grift <dac.override@xxxxxxxxx> wrote:
> On Tue, Sep 15, 2015 at 05:25:58PM +0530, Divya Vyas wrote:
>>>>> Hi,
>>>>>
>>>>> I am getting below error while disabling the apache module policy
>>>>>
>>>>> semodule -d apache
>>>>> libsepol.context_from_record: type httpd_sys_content_t is not defined (No such file or directory).
>>>>> libsepol.context_from_record: could not create context structure (Invalid argument).
>>>>> libsemanage.validate_handler: invalid context system_u:object_r:httpd_sys_content_t:s0 specified for htdocs/ [all files] (Invalid argument).
>>>>> libsemanage.dbase_llist_iterate: could not iterate over records (Invalid argument).
>>>>> semodule:  Failed!
> 
> most likely a dependency issue. apache module is notorious for being
> essentially mandatory.
> 
> You would have to identify all modules that depend on the apache
> module and then disable those as well in the same transaction. Be
> warned that those modules in turn may have dependencies of their own.
> 
> kind of like "dll hell" in a sense
> 

-- 
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8  02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift

_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
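
Added example, not part of the original thread or of refpolicy: a sketch of the dependency walk described in the quoted reply, which finds every module that requires a type declared by the target module (directly or through another dependent) and builds one `semodule` invocation that disables them together. The module sources, the `gitweb_local` module name and the simplified `type X;` / `require { ... }` syntax are constructed for illustration; it assumes `semodule` accepts repeated `-d` options in a single run.

```python
import re
from collections import defaultdict

# Constructed, simplified module sources (not real refpolicy text): a module
# declares types with "type X;" and lists external types in require { }.
MODULES = {
    "apache": "type httpd_t; type httpd_sys_content_t;",
    "git": "require { type httpd_sys_content_t; } type git_script_t;",
    "gitweb_local": "require { type git_script_t; }",  # hypothetical module
    "ntp": "type ntpd_t;",
}

REQUIRE_RE = re.compile(r"require\s*\{(.*?)\}", re.S)
TYPE_RE = re.compile(r"\btype\s+(\w+)\s*;")

def parse(source):
    """Return (declared, required) type sets for one module source."""
    required = set()
    for block in REQUIRE_RE.findall(source):
        required.update(TYPE_RE.findall(block))
    declared = set(TYPE_RE.findall(REQUIRE_RE.sub("", source)))
    return declared, required

def dependents(modules, target):
    """Modules that need a type owned by target, directly or transitively."""
    owner, needs = {}, {}
    for name, src in modules.items():
        declared, required = parse(src)
        needs[name] = required
        for t in declared:
            owner[t] = name
    users = defaultdict(set)  # module -> modules requiring one of its types
    for name, required in needs.items():
        for t in required:
            if t in owner and owner[t] != name:
                users[owner[t]].add(name)
    seen, queue = {target}, [target]
    while queue:
        for dep in users[queue.pop()]:
            if dep not in seen:  # also guards against dependency cycles
                seen.add(dep)
                queue.append(dep)
    return sorted(seen - {target})

def disable_command(modules, target):
    """One semodule run, so all disables land in the same transaction."""
    names = dependents(modules, target) + [target]
    return "semodule " + " ".join(f"-d {n}" for n in names)
```

For the constructed input, `disable_command(MODULES, "apache")` yields `semodule -d git -d gitweb_local -d apache`; local file context entries that still reference a removed type, such as the `htdocs/` entry in the error above, are outside what this sketch checks.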
