On Mon, 2006-04-10 at 10:01 -0700, Dan Thurman wrote:
> I su as root initially and in my /root directory
> and created the "foo" there. You did not state
> where to create "foo" so if I did this in the
> wrong place, please let me know.
Re-added the list to the cc line above.
It doesn't matter where you create it - it is just a temporary working
directory.
> I downloaded the
> checkmodule and installed it earlier so it appears
> that this time everything works, except that in the
> tmp file created, I did not get the same files as
> you may have. Here is the log of actions:
>
> [dant@copper ~]$ su -
> Password:
> [root@copper ~]# mkdir foo
> [root@copper ~]# cd foo
> [root@copper foo]# vi local.te
> [root@copper foo]# touch local.if local.fc
> [root@copper foo]# make -f /usr/share/selinux/devel/Makefile
> Compliling targeted local module
> /usr/bin/checkmodule: loading policy configuration from tmp/local.tmp
> /usr/bin/checkmodule: policy configuration loaded
> /usr/bin/checkmodule: writing binary representation (version 5) to
> tmp/local.mod
> Creating targeted local.pp policy package
> rm tmp/local.mod.fc tmp/local.mod
> [root@copper foo]# ls
> local.fc local.if local.pp local.te tmp
> [root@copper foo]# ls tmp
> all_interfaces.conf local.mod.role local.tmp
> [root@copper foo]#
Looks correct to me, and matches what was in my original message. So
now you finish the sequence of instructions I provided originally, i.e.
# semodule -i local.pp
Then retry accessing /var/www content from samba, and if it still
doesn't work, check your /var/log/messages file for avc: denied
messages.
--
Stephen Smalley
National Security Agency