On 2/20/06, Daniel J Walsh <dwalsh(a)redhat.com> wrote:
gf wrote:
> Hi,
> I am trying to update the httpd policy in selinux to allow access to port 8443.
> I thought that I could add the line
> portcon tcp 8443 system_u:object_r:http_port_t
> to the file
> /etc/selinux/targeted/src/policy/net_contents
> and recompile.
>
> My first step was to download the sources:
> selinux-policy-targeted-sources-1.17.30-2.110.rpm
> and install.
>
> To check whether or not everything was working, I tried the following
> without altering any files:
>
> [$ /etc/selinux/targeted/src/policy]:make load
> mkdir -p /etc/selinux/targeted/policy
> /usr/bin/checkpolicy -o /etc/selinux/targeted/policy/policy.18 policy.conf
> /usr/bin/checkpolicy: loading policy configuration from policy.conf
> tmp/program_used_flags.te:2:ERROR 'syntax error' at token
> '/etc/selinux/targeted/src/policy/domains/program' on line 1164:
> /etc/selinux/targeted/src/policy/domains/program
> #line 1 "tmp/program_used_flags.te"
> /usr/bin/checkpolicy: error(s) encountered while parsing configuration
> make: *** [/etc/selinux/targeted/policy/policy.18] Error 1
>
>
> I am a newbie with regard to selinux and would really appreciate some
> help diagnosing and correcting this error so that I can make my
> desired changes.
>
> I am using Scientific Linux 4 (a variant of RHEL4).
>
> Thanks for your help.
>
>
First can you upgrade to
selinux-policy-targeted*1.17.30-2.126.rpm
Then try again.
It is available on
ftp://people.redhat.com/dwalsh/SELinux/RHEL4
You also need to grab the policycoreutils from there also.
> -g
>
Hi,
Thanks for the response.
I downloaded the following files from the site you pointed to
selinux-policy-targeted-1.17.30-2.126.noarch.rpm
selinux-policy-targeted-sources-1.17.30-2.126.noarch.rpm
policycoreutils-1.18.1-4.9.i386.rpm
and upgraded my distribution. Before installing the *sources* rpm, I
removed /etc/selinux/targeted/src completely to make sure that there
were no residual edited files.
Unfortunately, when I run 'make load', I run into the same problem as
I described earlier.
Do you have any other advice for things that I can try?
Thanks.
-g