module install during make not working correctly

Clarkson, Mike R (US SSA) mike.clarkson at baesystems.com
Wed Jan 30 01:26:25 UTC 2008


Never mind. This turned out to be a copy and paste error. I had the wrong
module name at the top of my helloworldfile.te file, causing the weird
behavior listed below.

Sorry for the spam.

> -----Original Message-----
> From: fedora-selinux-list-bounces at redhat.com
> [mailto:fedora-selinux-list-bounces at redhat.com] On Behalf Of
> Clarkson, Mike R (US SSA)
> Sent: Monday, January 28, 2008 9:18 AM
> To: fedora-selinux-list at redhat.com
> Subject: module install during make not working correctly
> 
> 
> I have a simple helloworld example and policy module with the following
> line in the helloworldfile.fc file:
> 
> /usr/local/test/HelloWorldFile --
> gen_context(root:object_r:helloworld_exec_t,__SYSTEMLOW__)
> 
> When I make the policy using "make load", it appears to install the
> helloworldfile.pp in /usr/share/selinux/mls and then install it using
> semodule. After doing this if I use restorecon to set the file context
> of /usr/local/test/HelloWorldFile, the context is incorrect. It has the
> type usr_t, which is the type for the /usr/local/test directory. If I
> then manually install the module using "/usr/sbin/semodule -i
> /usr/share/selinux/mls/helloworldfile.pp", and again use restorecon to
> reset the file context, it has the correct context. I have no idea why
> the module install during the "make" process is not working correctly.
> I'd appreciate any help in figuring out what is going on.
> 
> I'm using RHEL5.1 with the mls policy. Below I have captured the
> sequence of commands described above, along with the output.
> 
> Thanks
> 
> 
> [clarkson at m2ut5 test]# make load
> Compliling mls helloworldfile.mod module
> echo "ifdef(\`""helloworldfile""_per_role_template',\`" >
> tmp/helloworldfile.mod.role
> m4 -D strict_policy -D enable_mls -D mls_num_sens=5 -D
> mls_num_cats=256
> -D mcs_num_cats=256 -D hide_broken_symptoms policy/rolemap | gawk
> '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $3 "; role " $1
> ";)\nhelloworldfile_per_role_template(" $2 "," $3 "," $1 ")" }' >>
> tmp/helloworldfile.mod.role
> echo "')" >> tmp/helloworldfile.mod.role
> echo "ifdef(\`""helloworldfile""_per_userdomain_template',\`" >>
> tmp/helloworldfile.mod.role
> echo "errprint(\`Warning: per_userdomain_templates have been renamed
> to
> per_role_templates
> (""helloworldfile""_per_userdomain_template)'__endline__)" >>
> tmp/helloworldfile.mod.role
> m4 -D strict_policy -D enable_mls -D mls_num_sens=5 -D
> mls_num_cats=256
> -D mcs_num_cats=256 -D hide_broken_symptoms policy/rolemap | gawk
> '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $3 "; role " $1
> ";)\nhelloworldfile_per_userdomain_template(" $2 "," $3 "," $1 ")" }'
> >>
> tmp/helloworldfile.mod.role
> echo "')" >> tmp/helloworldfile.mod.role
> m4 -D strict_policy -D enable_mls -D mls_num_sens=5 -D
> mls_num_cats=256
> -D mcs_num_cats=256 -D hide_broken_symptoms -s
> policy/support/fc_dir_variables.spt policy/support/file_patterns.spt
> policy/support/loadable_module.spt policy/support/misc_macros.spt
> policy/support/mls_mcs_macros.spt policy/support/obj_perm_sets.spt
> tmp/generated_definitions.conf tmp/all_interfaces.conf
> policy/modules/apps/helloworldfile.te tmp/helloworldfile.mod.role >
> tmp/helloworldfile.tmp
> /usr/bin/checkmodule -M -m tmp/helloworldfile.tmp -o
> tmp/helloworldfile.mod
> /usr/bin/checkmodule:  loading policy configuration from
> tmp/helloworldfile.tmp
> /usr/bin/checkmodule:  policy configuration loaded
> /usr/bin/checkmodule:  writing binary representation (version 6) to
> tmp/helloworldfile.mod
> m4 -D strict_policy -D enable_mls -D mls_num_sens=5 -D
> mls_num_cats=256
> -D mcs_num_cats=256 -D hide_broken_symptoms
> policy/support/fc_dir_variables.spt policy/support/file_patterns.spt
> policy/support/loadable_module.spt policy/support/misc_macros.spt
> policy/support/mls_mcs_macros.spt policy/support/obj_perm_sets.spt
> policy/support/fc_dir_variables.spt policy/support/file_patterns.spt
> policy/support/loadable_module.spt policy/support/misc_macros.spt
> policy/support/mls_mcs_macros.spt policy/support/obj_perm_sets.spt
> policy/modules/apps/helloworldfile.fc > tmp/helloworldfile.mod.fc
> Creating mls helloworldfile.pp policy package
> /usr/bin/semodule_package -o helloworldfile.pp -m
> tmp/helloworldfile.mod
> -f tmp/helloworldfile.mod.fc
> Installing mls helloworldfile.pp policy package.
> install -m 0644 helloworldfile.pp /usr/share/selinux/mls
> Loading configured modules.
> /usr/sbin/semodule -s mls -b /usr/share/selinux/mls/base.pp -i
> /usr/share/selinux/mls/acct.pp -i /usr/share/selinux/mls/ada.pp -i
> /usr/share/selinux/mls/afs.pp -i /usr/share/selinux/mls/aide.pp -i
> /usr/share/selinux/mls/alsa.pp -i /usr/share/selinux/mls/amanda.pp -i
> /usr/share/selinux/mls/amavis.pp -i /usr/share/selinux/mls/amtu.pp -i
> /usr/share/selinux/mls/anaconda.pp -i /usr/share/selinux/mls/apache.pp
> -i /usr/share/selinux/mls/apm.pp -i /usr/share/selinux/mls/apt.pp -i
> /usr/share/selinux/mls/arpwatch.pp -i
> /usr/share/selinux/mls/asterisk.pp
> -i /usr/share/selinux/mls/audioentropy.pp -i
> /usr/share/selinux/mls/audit.pp -i /usr/share/selinux/mls/authbind.pp
> -i
> /usr/share/selinux/mls/authlogin.pp -i
> /usr/share/selinux/mls/automount.pp -i /usr/share/selinux/mls/avahi.pp
> -i /usr/share/selinux/mls/backup.pp -i /usr/share/selinux/mls/bind.pp
> -i
> /usr/share/selinux/mls/bluetooth.pp -i
> /usr/share/selinux/mls/bootloader.pp -i
> /usr/share/selinux/mls/calamaris.pp -i /usr/share/selinux/mls/canna.pp
> -i /usr/share/selinux/mls/ccs.pp -i /usr/share/selinux/mls/cdrecord.pp
> -i /usr/share/selinux/mls/certwatch.pp -i
> /usr/share/selinux/mls/cipe.pp
> -i /usr/share/selinux/mls/clamav.pp -i /usr/share/selinux/mls/clock.pp
> -i /usr/share/selinux/mls/clockspeed.pp -i
> /usr/share/selinux/mls/comsat.pp -i
> /usr/share/selinux/mls/consoletype.pp -i
> /usr/share/selinux/mls/courier.pp -i
> /usr/share/selinux/mls/cpucontrol.pp -i /usr/share/selinux/mls/cron.pp
> -i /usr/share/selinux/mls/cups.pp -i /usr/share/selinux/mls/cvs.pp -i
> /usr/share/selinux/mls/cyrus.pp -i
> /usr/share/selinux/mls/daemontools.pp
> -i /usr/share/selinux/mls/dante.pp -i /usr/share/selinux/mls/dbskk.pp
> -i
> /usr/share/selinux/mls/dbus.pp -i /usr/share/selinux/mls/dcc.pp -i
> /usr/share/selinux/mls/ddclient.pp -i
> /usr/share/selinux/mls/ddcprobe.pp
> -i /usr/share/selinux/mls/dhcp.pp -i /usr/share/selinux/mls/dictd.pp
> -i
> /usr/share/selinux/mls/distcc.pp -i /usr/share/selinux/mls/djbdns.pp
> -i
> /usr/share/selinux/mls/dmesg.pp -i /usr/share/selinux/mls/dmidecode.pp
> -i /usr/share/selinux/mls/dnsmasq.pp -i
> /usr/share/selinux/mls/dovecot.pp -i /usr/share/selinux/mls/dpkg.pp -i
> /usr/share/selinux/mls/ethereal.pp -i
> /usr/share/selinux/mls/evolution.pp -i
> /usr/share/selinux/mls/export.pp
> -i /usr/share/selinux/mls/fail2ban.pp -i
> /usr/share/selinux/mls/fetchmail.pp -i
> /usr/share/selinux/mls/finger.pp
> -i /usr/share/selinux/mls/firstboot.pp -i
> /usr/share/selinux/mls/frontgate.pp -i
> /usr/share/selinux/mls/fstools.pp
> -i /usr/share/selinux/mls/ftp.pp -i
> /usr/share/selinux/mls/ftp_trans.pp
> -i /usr/share/selinux/mls/games.pp -i
> /usr/share/selinux/mls/gatekeeper.pp -i
> /usr/share/selinux/mls/getty.pp
> -i /usr/share/selinux/mls/gift.pp -i /usr/share/selinux/mls/gnome.pp
> -i
> /usr/share/selinux/mls/gpg.pp -i /usr/share/selinux/mls/gpm.pp -i
> /usr/share/selinux/mls/hal.pp -i
> /usr/share/selinux/mls/helloworldfile.pp -i
> /usr/share/selinux/mls/hostname.pp -i
> /usr/share/selinux/mls/hotplug.pp
> -i /usr/share/selinux/mls/howl.pp -i
> /usr/share/selinux/mls/i18n_input.pp -i
> /usr/share/selinux/mls/imaze.pp
> -i /usr/share/selinux/mls/import.pp -i /usr/share/selinux/mls/inetd.pp
> -i /usr/share/selinux/mls/init.pp -i /usr/share/selinux/mls/inn.pp -i
> /usr/share/selinux/mls/ipsec.pp -i /usr/share/selinux/mls/iptables.pp
> -i
> /usr/share/selinux/mls/irc.pp -i /usr/share/selinux/mls/ircd.pp -i
> /usr/share/selinux/mls/irqbalance.pp -i
> /usr/share/selinux/mls/iscsi.pp
> -i /usr/share/selinux/mls/jabber.pp -i /usr/share/selinux/mls/java.pp
> -i
> /usr/share/selinux/mls/kerberos.pp -i /usr/share/selinux/mls/ktalk.pp
> -i
> /usr/share/selinux/mls/kudzu.pp -i /usr/share/selinux/mls/ldap.pp -i
> /usr/share/selinux/mls/libraries.pp -i
> /usr/share/selinux/mls/loadkeys.pp -i
> /usr/share/selinux/mls/locallogin.pp -i
> /usr/share/selinux/mls/lockdev.pp -i /usr/share/selinux/mls/logging.pp
> -i /usr/share/selinux/mls/logrotate.pp -i
> /usr/share/selinux/mls/logwatch.pp -i /usr/share/selinux/mls/lpd.pp -i
> /usr/share/selinux/mls/lvm.pp -i /usr/share/selinux/mls/mailman.pp -i
> /usr/share/selinux/mls/miscfiles.pp -i
> /usr/share/selinux/mls/modutils.pp -i /usr/share/selinux/mls/mono.pp
> -i
> /usr/share/selinux/mls/monop.pp -i /usr/share/selinux/mls/mount.pp -i
> /usr/share/selinux/mls/mozilla.pp -i /usr/share/selinux/mls/mplayer.pp
> -i /usr/share/selinux/mls/mrtg.pp -i /usr/share/selinux/mls/mta.pp -i
> /usr/share/selinux/mls/munin.pp -i /usr/share/selinux/mls/mysql.pp -i
> /usr/share/selinux/mls/nagios.pp -i /usr/share/selinux/mls/nessus.pp
> -i
> /usr/share/selinux/mls/netlabel.pp -i
> /usr/share/selinux/mls/netutils.pp
> -i /usr/share/selinux/mls/networkmanager.pp -i
> /usr/share/selinux/mls/nis.pp -i /usr/share/selinux/mls/nscd.pp -i
> /usr/share/selinux/mls/nsd.pp -i /usr/share/selinux/mls/ntop.pp -i
> /usr/share/selinux/mls/ntp.pp -i /usr/share/selinux/mls/nx.pp -i
> /usr/share/selinux/mls/oav.pp -i /usr/share/selinux/mls/oddjob.pp -i
> /usr/share/selinux/mls/openca.pp -i /usr/share/selinux/mls/openct.pp
> -i
> /usr/share/selinux/mls/openvpn.pp -i
> /usr/share/selinux/mls/oracle_db.pp
> -i /usr/share/selinux/mls/oracle_sp.pp -i
> /usr/share/selinux/mls/pcmcia.pp -i /usr/share/selinux/mls/pcs.pp -i
> /usr/share/selinux/mls/pcscd.pp -i /usr/share/selinux/mls/pegasus.pp
> -i
> /usr/share/selinux/mls/perdition.pp -i
> /usr/share/selinux/mls/portage.pp
> -i /usr/share/selinux/mls/portmap.pp -i
> /usr/share/selinux/mls/portslave.pp -i
> /usr/share/selinux/mls/postfix.pp
> -i /usr/share/selinux/mls/postgresql.pp -i
> /usr/share/selinux/mls/postgrey.pp -i /usr/share/selinux/mls/ppp.pp -i
> /usr/share/selinux/mls/prelink.pp -i /usr/share/selinux/mls/privoxy.pp
> -i /usr/share/selinux/mls/procmail.pp -i
> /usr/share/selinux/mls/publicfile.pp -i /usr/share/selinux/mls/pxe.pp
> -i
> /usr/share/selinux/mls/pyzor.pp -i /usr/share/selinux/mls/qmail.pp -i
> /usr/share/selinux/mls/query.pp -i /usr/share/selinux/mls/quota.pp -i
> /usr/share/selinux/mls/radius.pp -i /usr/share/selinux/mls/radvd.pp -i
> /usr/share/selinux/mls/raid.pp -i /usr/share/selinux/mls/razor.pp -i
> /usr/share/selinux/mls/rdisc.pp -i /usr/share/selinux/mls/readahead.pp
> -i /usr/share/selinux/mls/remotelogin.pp -i
> /usr/share/selinux/mls/resmgr.pp -i /usr/share/selinux/mls/rhgb.pp -i
> /usr/share/selinux/mls/ricci.pp -i /usr/share/selinux/mls/rlogin.pp -i
> /usr/share/selinux/mls/roundup.pp -i /usr/share/selinux/mls/rpc.pp -i
> /usr/share/selinux/mls/rpm.pp -i /usr/share/selinux/mls/rshd.pp -i
> /usr/share/selinux/mls/rssh.pp -i /usr/share/selinux/mls/rsync.pp -i
> /usr/share/selinux/mls/samba.pp -i /usr/share/selinux/mls/sasl.pp -i
> /usr/share/selinux/mls/screen.pp -i
> /usr/share/selinux/mls/selinuxutil.pp -i
> /usr/share/selinux/mls/sendmail.pp -i
> /usr/share/selinux/mls/setcontest.pp -i
> /usr/share/selinux/mls/setrans.pp -i
> /usr/share/selinux/mls/setroubleshoot.pp -i
> /usr/share/selinux/mls/slocate.pp -i
> /usr/share/selinux/mls/slrnpull.pp
> -i /usr/share/selinux/mls/smartmon.pp -i
> /usr/share/selinux/mls/snmp.pp
> -i /usr/share/selinux/mls/snort.pp -i
> /usr/share/selinux/mls/soundserver.pp -i
> /usr/share/selinux/mls/spamassassin.pp -i
> /usr/share/selinux/mls/speedtouch.pp -i
> /usr/share/selinux/mls/squid.pp
> -i /usr/share/selinux/mls/ssh.pp -i /usr/share/selinux/mls/storage.pp
> -i
> /usr/share/selinux/mls/stunnel.pp -i /usr/share/selinux/mls/su.pp -i
> /usr/share/selinux/mls/sudo.pp -i /usr/share/selinux/mls/sxid.pp -i
> /usr/share/selinux/mls/sysnetwork.pp -i
> /usr/share/selinux/mls/sysstat.pp -i /usr/share/selinux/mls/tcpd.pp -i
> /usr/share/selinux/mls/telnet.pp -i /usr/share/selinux/mls/tftp.pp -i
> /usr/share/selinux/mls/thunderbird.pp -i
> /usr/share/selinux/mls/timidity.pp -i
> /usr/share/selinux/mls/tmpreaper.pp -i /usr/share/selinux/mls/tor.pp
> -i
> /usr/share/selinux/mls/transproxy.pp -i
> /usr/share/selinux/mls/tripwire.pp -i /usr/share/selinux/mls/tvtime.pp
> -i /usr/share/selinux/mls/tzdata.pp -i
> /usr/share/selinux/mls/ucspitcp.pp -i /usr/share/selinux/mls/udev.pp
> -i
> /usr/share/selinux/mls/uml.pp -i /usr/share/selinux/mls/unconfined.pp
> -i
> /usr/share/selinux/mls/updfstab.pp -i /usr/share/selinux/mls/uptime.pp
> -i /usr/share/selinux/mls/usbmodules.pp -i
> /usr/share/selinux/mls/userdomain.pp -i
> /usr/share/selinux/mls/userhelper.pp -i
> /usr/share/selinux/mls/usermanage.pp -i
> /usr/share/selinux/mls/usernetctl.pp -i /usr/share/selinux/mls/uucp.pp
> -i /usr/share/selinux/mls/uwimap.pp -i
> /usr/share/selinux/mls/vbetool.pp
> -i /usr/share/selinux/mls/vmware.pp -i /usr/share/selinux/mls/vpn.pp
> -i
> /usr/share/selinux/mls/watchdog.pp -i
> /usr/share/selinux/mls/webalizer.pp -i
> /usr/share/selinux/mls/weblogic.pp -i /usr/share/selinux/mls/wine.pp
> -i
> /usr/share/selinux/mls/xen.pp -i /usr/share/selinux/mls/xfs.pp -i
> /usr/share/selinux/mls/xprint.pp -i /usr/share/selinux/mls/xserver.pp
> -i
> /usr/share/selinux/mls/yam.pp -i /usr/share/selinux/mls/zebra.pp
> rm tmp/helloworldfile.mod.fc tmp/helloworldfile.mod
> [clarkson at m2ut5 policy]# cd /usr/local/test
> [clarkson at m2ut5 test]# /sbin/restorecon HelloWorldFile
> [clarkson at m2ut5 test]# ls -Z HelloWorldFile
> -rwxr-xr-x  clarkson m2 system_u:object_r:usr_t:SystemLow
> HelloWorldFile
> [clarkson at m2ut5 test]# /usr/sbin/semodule -i
> /usr/share/selinux/mls/helloworldfile.pp
> [clarkson at m2ut5 test]# /sbin/restorecon HelloWorldFile
> [clarkson at m2ut5 test]# ls -Z HelloWorldFile
> -rwxr-xr-x  clarkson m2 root:object_r:helloworld_exec_t:SystemLow
> HelloWorldFile
> 
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
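
The mismatch described in the reply at the top (the module name at the top of the .te file not matching the file it lives in) can be caught before `make load` with a small lint step. This is an added example, not part of the original thread: it assumes the name is declared with the reference policy `policy_module(name, version)` macro, and the sample files and the wrong name `helloworld` are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): check that each refpolicy .te source
# declares the module name its file name implies.

# Print the name from the first policy_module(name, version) line of a .te file.
declared_module_name() {
    sed -n 's/^[[:space:]]*policy_module([[:space:]]*\([A-Za-z0-9_]*\)[[:space:]]*,.*/\1/p' "$1" | head -n 1
}

# 0 = declared name matches the file basename, 1 = mismatch, 2 = no declaration.
check_module_name() {
    te_file=$1
    expected=$(basename "$te_file" .te)
    declared=$(declared_module_name "$te_file")
    if [ -z "$declared" ]; then
        echo "$te_file: no policy_module() declaration found" >&2
        return 2
    fi
    if [ "$declared" != "$expected" ]; then
        echo "$te_file: declares '$declared' but file name implies '$expected'" >&2
        return 1
    fi
    return 0
}

# Check every .te file below a directory; succeeds only if all of them pass.
check_tree() {
    bad=0
    list=$(mktemp) || return 2
    find "$1" -type f -name '*.te' > "$list"
    while IFS= read -r f; do
        check_module_name "$f" || bad=$((bad + 1))
    done < "$list"
    rm -f "$list"
    [ "$bad" -eq 0 ]
}

# Constructed sample sources; "helloworld" is a made-up wrong name.
make_samples() {
    dir=$(mktemp -d) || return 1
    printf 'policy_module(goodmod,1.0.0)\ntype goodmod_t;\n' > "$dir/goodmod.te"
    printf 'policy_module(helloworld,1.0.0)\ntype helloworld_exec_t;\n' > "$dir/helloworldfile.te"
    printf 'type nodecl_t;\n' > "$dir/nodecl.te"
    echo "$dir"
}

samples=$(make_samples)
check_tree "$samples" || echo "fix the declarations above before running make load"
rm -rf "$samples"
```

In a real policy tree, `check_tree policy/modules` would be run from the directory that holds the Makefile.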




