semodule -b does not work in FC5

Stephen Smalley sds at tycho.nsa.gov
Mon Oct 23 13:28:55 UTC 2006


On Sat, 2006-10-21 at 18:02 +0900, Yuichi Nakamura wrote:
> I am editing policy source for Fedora Core 5 to study refpolicy.
> 
> I did yum update today, and found semodule -b does not work.
> Last week, it was working.
> The versions of the related commands are below.
> selinux-policy-2.3.7-2.fc5
> checkpolicy-1.30.3-1.fc5
> libsepol-1.12.28-1.fc5
> 
> 
> How to reproduce the problem is as follows:
> 
> 1) I obtained selinux-policy-2.3.7-2.fc5.src.rpm from a Fedora mirror site.
> 2) Installed the src.rpm
> 3) Edit the following 2 lines in selinux-policy.spec
> %define BUILD_STRICT 0
> %define BUILD_MLS 0
> 4) rpmbuild -bi selinux-policy.spec
> 5) cd BUILD/serefpolicy-2.3.7/
> 6) Edit build.conf, like below.
> TYPE=targeted-mcs
> NAME=targeted
> DISTRO=redhat
> DIRECT_INITRC=y
> MONOLITHIC=n
> 7) make install-src
> 8) cd /etc/selinux/targeted/src/policy
> 9) make load, but it fails.
> 
> Loading configured modules.
> /usr/sbin/semodule -s targeted -b /usr/share/selinux/targeted/base.pp -i /usr/share/selinux/targeted/amavis.pp -i /usr/share/selinux/targeted/clamav.pp -i /usr/share/selinux/targeted/dcc.pp -i /usr/share/selinux/targeted/pyzor.pp -i /usr/share/selinux/targeted/razor.pp
> libsepol.mls_read_range_helper: truncated range
> libsepol.sepol_module_package_read: invalid module in module package (at section 0)
> libsemanage.semanage_load_module: Error while reading from module file /etc/selinux/targeted/modules/tmp/base.pp.
> /usr/sbin/semodule:  Failed!
> 
> Why does it fail?

It shouldn't fail, but try updating to checkpolicy 1.32 and rebuilding
that policy (you have a newer libsepol with an older checkpolicy, which
should work, but seems to have run into a bug).  By the way, you don't
have to edit the spec file - you can just --define "BUILD_STRICT 0"
--define "BUILD_MLS 0" on the rpmbuild command line.

-- 
Stephen Smalley
National Security Agency



