circular policy references generated by sepolgen
Daniel J Walsh
dwalsh at redhat.com
Wed Jan 11 13:25:04 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/10/2012 04:59 PM, Michael Atighetchi wrote:
> All,
>
> I have a number of custom policies that I developed on a Fedora 14
> system by using sepolgen and iterating over the policies up to a
> point where they are violation free.
>
> When trying to install those policies on another system, I've run
> into a circular dependency issue. No matter what order I call the
> 6 .sh scripts created by sepolgen, I always end up with missing
> required types, e.g.,:
>
> ---- [proxyuser at lime selinux]$ sudo ./CZwd.sh Building and Loading
> Policy + make -f /usr/share/selinux/devel/Makefile make: Nothing to
> be done for `all'. + /usr/sbin/semodule -i CZwd.pp
> libsepol.print_missing_requirements: CZwd's global requirements
> were not met: type/attribute CZfwa_t (No such file or directory).
> libsemanage.semanage_link_sandbox: Link packages failed (No such
> file or directory). /usr/sbin/semodule: Failed! ----
>
> Presumably, one can break these cycles by defining all required
> types first. Is there a manual way to do this using the SELinux
> tools?
>
> Thanks Michael
>
>
Without seeing the policy I would figure you did not define CZfwa_t
within this module but used without out a optional_policy block around
it. You have a couple of choices either add the optional_policy block
or install both pp files with the same semodule command.
semodule -i CZwd.pp CZfwa.pp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk8NjbAACgkQrlYvE4MpobOKeQCeOZdRV0yyTzrP8ZuHNl0YjBmq
qRQAnjtmVaDpe9V4bJObY9fP+T+V2kvy
=SKZ4
-----END PGP SIGNATURE-----
More information about the selinux
mailing list