SELinux policy for both Enterprise Linux 5 and 6

Miroslav Grepl mgrepl at redhat.com
Thu Dec 1 18:58:45 UTC 2011


On 12/01/2011 03:15 PM, Daniel J Walsh wrote:
> On 12/01/2011 06:03 AM, Miroslav Grepl wrote:
>> On 11/18/2011 02:05 AM, Brian Ginn wrote:
>>> I have SELinux policy that is compiled on Red Hat Enterprise
>>> Linux 5.
>>>
>>> This policy fails to install on Red Hat Enterprise Linux 6 with
>>> the following message:
>>>
>>> libsepol.print_missing_requirements: pbrun's global requirements
>>> were not met: type/attribute system_chkpwd_t (No such file or
>>> directory).
>>>
>> This type does not exist on RHEL6. This is why you cannot
>> load your local policy. You probably just need to recompile
>> your policy on RHEL6. Another option would be to use an
>> "optional_policy" block for the interface call.
>>
>> For example
>>
>> optional_policy(` auth_domtrans_chk_passwd(test_t) ')
>>
>> If something is wrong with this interface then it won't be used.
>> But of course, then you will lose a part of the functionality.
>>>
>>>
>>> Is there a way to write SELinux policy so that it can be compiled
>>> on v 5.x and will run on 6.x ?
>>>
>>> Thanks,
>>>
>>> Brian
>>>
>> Regards, Miroslav
>>>
>>> -- selinux mailing list selinux at lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>
>
> Miroslav, we need to add the type alias for this situation, though.
I was thinking about that, but this is between major releases. Is this
possible?
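
Added example, not part of the original thread and not code from any poster or from the SELinux project: a pre-deployment check that lists the types and attributes a module's require block names and reports those absent from the target policy, which is the condition behind the libsepol message quoted above. The sample module text, the target symbol set and all function names are constructed for illustration.

```python
import re

# Constructed sample: a local module whose require block names the type from
# the error message in this thread. Other names are illustrative assumptions.
SAMPLE_TE = """
policy_module(pbrun, 1.0)
gen_require(`
    type system_chkpwd_t, shadow_t;
    attribute domain;
    class file { read getattr };
')
type pbrun_t;
"""

# Constructed stand-in for the symbols the target policy declares; on a real
# host this list could be taken from `seinfo -t` and `seinfo -a`.
TARGET_SYMBOLS = {"shadow_t", "domain", "pbrun_exec_t"}

def require_bodies(te_source):
    """Yield the text inside each gen_require(`...') or require { ... } block."""
    for m in re.finditer(r"gen_require\(`(.*?)'\)", te_source, re.S):
        yield m.group(1)
    for m in re.finditer(r"\brequire\s*\{", te_source):
        depth, i = 1, m.end()
        # Count braces so nested permission sets do not end the block early.
        while i < len(te_source) and depth:
            depth += {"{": 1, "}": -1}.get(te_source[i], 0)
            i += 1
        yield te_source[m.end():i - 1]

def required_symbols(te_source):
    """Return {(kind, name)} for every required type or attribute."""
    found = set()
    for body in require_bodies(te_source):
        for kind, names in re.findall(r"\b(type|attribute)\s+([^;{]+);", body):
            found.update((kind, n.strip()) for n in names.split(","))
    return found

def missing_requirements(te_source, target_symbols):
    """Sorted names the module requires but the target policy lacks."""
    return sorted(name for _, name in required_symbols(te_source)
                  if name not in target_symbols)

if __name__ == "__main__":
    for name in missing_requirements(SAMPLE_TE, TARGET_SYMBOLS):
        print(f"requirement not met on target: type/attribute {name}")
```

Declarations outside the require block (such as `type pbrun_t;` in the sample) are ignored, since only required symbols have to exist already on the target.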


