On Wed, 2008-05-14 at 16:38 -0400, Eric Paris wrote:
> > ^M Installing: kbd
##################### [126/129]
> > ^M Installing: kernel ##################### [127/129]
> > ^M Installing: selinux-policy ##################### [128/129]
> > ^M Installing: selinux-policy-targeted ##################### [129/129]
> >
> > All of this still went smoothly...
> >
> > libsemanage.dbase_llist_query: could not query record value
> >
> > No idea where this is coming from
>
> Maybe a table was empty. Might want to look under etc/selinux/targeted
> within the chroot.
Without any helpful input I've still been banging my head against this
wall, cleaned up a bunch of stuff in how the livecd-tools make images,
wrote some policy (going to need to redo it) and it seems like I'm
building images at least now. Remember all of this is building F10
images on F10, I'm not trying to handle the 'illegal' context stuff at
all, let just make that clear.
Anyway, I'm still getting a couple of ?error? messages
Installing: kbd ##################### [126/129]
Installing: selinux-policy ##################### [127/129]
Installing: selinux-policy-targeted ##################### [128/129]
libsemanage.dbase_llist_query: could not query record value
/usr/sbin/semanage: Invalid prefix user
/usr/sbin/semanage: Invalid prefix user
Installing: kernel ##################### [129/129]
Only root can do that.
e2fsck 1.40.9 (27-Apr-2008)
Pass 1: Checking inodes, blocks, and sizes
but I'm about to try to boot one of these things and see what happens.
Anyone have hints on what to look for with the above error messages? As
usual I don't know what a 'table' is in this context :)
The invalid prefix user is another artifact of semanage/seobject.py
trying to check something against the host's policy rather than checking
against the target policy just due to lack of adequate libsemanage
interfaces. Calls to is_selinux_mls_enabled() and
security_check_context() need to be turned into libsemanage calls.
The could not query record value one is too generic. Might help to get
a snapshot of the /etc/selinux/targeted tree that it built and see
what's there. Or possibly patching libsemanage to give more useful
output, but it's a bit hard due to abstraction layers there.
--
Stephen Smalley
National Security Agency