4:02 a.m.
I am editing policy source for Fedora Core 5 to study refpolicy.
I did yum update today, and found semodule -b does not work.
Last week, it was working..
Version for related command is below.
selinux-policy-2.3.7-2.fc5
checkpolicy-1.30.3-1.fc5
libsepol-1.12.28-1.fc5
How to reproduce problem is following:
1) I obtained selinux-policy-2.3.7-2.fc5.src.rpm from fedora mirror site.
2) installed src.rpm
3) Edit following 2 lines in selinux-policy.spec
%define BUILD_STRICT 0
%define BUILD_MLS 0
4) rpmbuild -bi selinux-policy.spec
5) cd BUILD/serefpolicy-2.3.7/
6) Edit build.conf, like below.
TYPE=targeted-mcs
NAME=targeted
DISTRO=redhat
DIRECT_INITRC=y
MONOLITHIC=n
7) make install-src
8) cd /etc/selinux/targeted/src/policy
9) make load, but fails.
Loading configured modules.
/usr/sbin/semodule -s targeted -b /usr/share/selinux/targeted/base.pp -i
/usr/share/selinux/targeted/amavis.pp -i /usr/share/selinux/targeted/clamav.pp -i
/usr/share/selinux/targeted/dcc.pp -i /usr/share/selinux/targeted/pyzor.pp -i
/usr/share/selinux/targeted/razor.pp
libsepol.mls_read_range_helper: truncated range
libsepol.sepol_module_package_read: invalid module in module package (at section 0)
libsemanage.semanage_load_module: Error while reading from module file
/etc/selinux/targeted/modules/tmp/base.pp.
/usr/sbin/semodule: Failed!
Why does it fail?
Yuichi Nakamura
3:14 a.m.
On Sat, 21 Oct 2006 18:02:02 +0900
Yuichi Nakamura wrote:
I am editing policy source for Fedora Core 5 to study refpolicy.
I did yum update today, and found semodule -b does not work.
Last week, it was working..
Version for related command is below.
selinux-policy-2.3.7-2.fc5
checkpolicy-1.30.3-1.fc5
libsepol-1.12.28-1.fc5
I have downgraded to libsepol-1.12.17-1.fc5 and semodule -b worked.
It seems that libsepol-1.12.28 contains a bug.
Yuichi Nakamura
8:28 a.m.
On Sat, 2006-10-21 at 18:02 +0900, Yuichi Nakamura wrote:
I am editing policy source for Fedora Core 5 to study refpolicy.
I did yum update today, and found semodule -b does not work.
Last week, it was working..
Version for related command is below.
selinux-policy-2.3.7-2.fc5
checkpolicy-1.30.3-1.fc5
libsepol-1.12.28-1.fc5
How to reproduce problem is following:
1) I obtained selinux-policy-2.3.7-2.fc5.src.rpm from fedora mirror site.
2) installed src.rpm
3) Edit following 2 lines in selinux-policy.spec
%define BUILD_STRICT 0
%define BUILD_MLS 0
4) rpmbuild -bi selinux-policy.spec
5) cd BUILD/serefpolicy-2.3.7/
6) Edit build.conf, like below.
TYPE=targeted-mcs
NAME=targeted
DISTRO=redhat
DIRECT_INITRC=y
MONOLITHIC=n
7) make install-src
8) cd /etc/selinux/targeted/src/policy
9) make load, but fails.
Loading configured modules.
/usr/sbin/semodule -s targeted -b /usr/share/selinux/targeted/base.pp -i
/usr/share/selinux/targeted/amavis.pp -i /usr/share/selinux/targeted/clamav.pp -i
/usr/share/selinux/targeted/dcc.pp -i /usr/share/selinux/targeted/pyzor.pp -i
/usr/share/selinux/targeted/razor.pp
libsepol.mls_read_range_helper: truncated range
libsepol.sepol_module_package_read: invalid module in module package (at section 0)
libsemanage.semanage_load_module: Error while reading from module file
/etc/selinux/targeted/modules/tmp/base.pp.
/usr/sbin/semodule: Failed!
Why does it fail?
It shouldn't fail, but try updating to checkpolicy 1.32 and rebuilding
that policy (you have a newer libsepol with an older checkpolicy, which
should work, but seems to have run into a bug). By the way, you don't
have to edit the spec file - you can just --define "BUILD_STRICT 0"
--define "BUILD_MLS 0" on the rpmbuild command line.
--
Stephen Smalley
National Security Agency
8:28 p.m.
On Mon, 23 Oct 2006 09:28:55 -0400
Stephen Smalley wrote:
It shouldn't fail, but try updating to checkpolicy 1.32 and
rebuilding
that policy (you have a newer libsepol with an older checkpolicy, which
should work, but seems to have run into a bug). By the way, you don't
have to edit the spec file - you can just --define "BUILD_STRICT 0"
--define "BUILD_MLS 0" on the rpmbuild command line.
I tried yum update
today, and found that checkpolicy is updated.
semodule -b works now, thank you.
Yuichi Nakamura
6388
days inactive
6397
days old
selinux@lists.fedoraproject.org
3 comments
3 participants
participants (3)
-
Stephen Smalley -
Yuichi Nakamura -
Yuichi Nakamura