Joshua Brindle wrote:
From: Paul Howarth [mailto:paul@city-fan.org]
<snip>
Back to the point, my email a few times back suggested putting a line with just ; where the rules would be in order to get a module without rules, have you tried that?
Is this with or without the requires clause?
With the requires clause, the semicolon doesn't seem to make any difference.
Ok, now I'm not sure what is going on. I built a policy with no rules and it linked in fine (no ; was required either). The policy_module statement always brings in a ton of requires (object classes mainly) so you'll always have requires whether you add them explicitly or not.
What problem are you running into with this?
It's as described in the thread around here: http://www.redhat.com/archives/fedora-selinux-list/2006-May/msg00104.html
The gist of it is that I had a policy module package built on one machine and couldn't load it on another machine with an older version of selinux-policy:
libsepol.class_copy_callback: contagged: Modules may not yet declare new classes.
libsemanage.semanage_link_sandbox: Link packages failed
/usr/sbin/semodule: Failed!
The responses I got suggested that the absence of a policy module from the policy module package (just file contexts, no rules) was at least partly responsible for the issue.
The workaround I'm using at the moment is for my RPM packages to have an RPM "conflict" with selinux-policy versions older than the one my package is built against.
Paul.
selinux@lists.fedoraproject.org