In the process of porting policies from RHEL 6 to 7, I’m having an issue with the
The trivial te file below compiles and loads fine on RHEL 6.7:
However, there appears to be a bug in RHEL 7.2, because loading with semodule gives the
error: "libsepol.print_missing_requirements: test's global requirements were not
met: role shutdown_roles (No such file or directory)"
After looking into this, curiously the interface has moved from
/usr/share/selinux/devel/include/admin/shutdown.if (selinux-policy rpm in RHEL 6) to
/usr/share/selinux/devel/include/contrib/shutdown.if (selinux-policy-devel rpm in RHEL 7).
Should it be in contrib?
There’s also another issue in that shutdown_exec_t is used in the RHEL 7 interface but it
no longer exists because the shutdown binary has been replaced with a symlink to