SELinux policy for both Enterprise Linux 5 and 6
Miroslav Grepl
mgrepl at redhat.com
Thu Dec 1 11:03:26 UTC 2011
On 11/18/2011 02:05 AM, Brian Ginn wrote:
>
> I have SELinux policy that is compiled on Red Hat Enterprise Linux 5.
>
> This policy fails to install on Red Hat Enterprise Linux 6 with the
> following message:
>
> libsepol.print_missing_requirements: pbrun's global requirements were
> not met: type/attribute system_chkpwd_t (No such file or directory).
>
This type does not exist on RHEL6. This is a problem why you can not
load your local policy. You probably just need to recompile your policy
on RHEL6. Another option would be to use "optional_policy" block for
interface calling.
For example
optional_policy(`
auth_domtrans_chk_passwd(test_t)
')
If something is wrong with this interface then it won't be used. But of
course, then you will lost a part of functionality.
>
> Is there a way to write SELinux policy so that It can be compiled on v
> 5.x and will run on 6.x ?
>
> Thanks,
>
> Brian
>
Regards,
Miroslav
>
>
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/selinux/attachments/20111201/f9cf8db0/attachment.html
More information about the selinux
mailing list