Issue with semodule after fedup to Fedora 19

Tony Scully tonyjscully at gmail.com
Sun Aug 11 09:01:24 UTC 2013


Hi David,

Do you not need to compile the module with checkmodule(8) then package with
semodule_package(8) into a .pp file before importing it?

I don't think semodule can import a type enforcement (.te) file directly?
Unless this is new to Fedora 19?

Cheers,
Tony


On Sun, Aug 11, 2013 at 3:06 AM, David Highley <
dhighley at highley-recommended.com> wrote:

> After doing a fedup upgrade process from Fedora 18 to Fedora 19 I'm
> getting the following error when trying to install a local policy to fix
> some avc issue:
> semodule -i *.te
> libsepol.module_package_read_offsets: wrong magic number for module
> package:  expected 0xf97cff8f, got 0x75646f6d
> libsemanage.parse_module_headers: Could not parse module data.
> semodule:  Failed on my_sosreport.te!
>
> The te file looks like this:
> module my_sosreport 1.0;
>
> require {
>         type sosreport_t;
>         type configfs_t;
>         type devpts_t;
>         type initctl_t;
>         class chr_file { getattr };
>         class dir { getattr };
>         class fifo_file { getattr };
> }
>
> #============= sosreport_t ==============
> allow sosreport_t configfs_t:dir getattr;
> allow sosreport_t devpts_t:chr_file getattr;
> allow sosreport_t initctl_t:fifo_file getattr;
>
> The audit AVCs look like the following:
> ----
> time->Sat Aug 10 16:38:22 2013
> type=SYSCALL msg=audit(1376177902.497:110): arch=c000003e syscall=16
> success=no exit=-65 a0=3 a1=8940 a2=7fff72ed5bf0 a3=7fff72ed59a0
> items=0 ppid=3710 pid=3736 auid=4294967295 uid=0 gid=0 euid=0 suid=0
> fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="brctl"
> exe="/usr/sbin/brctl" subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023
> key=(null)
> type=AVC msg=audit(1376177902.497:110): avc:  denied  { module_request }
> for  pid=3736 comm="brctl" kmod="bridge"
> scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
> tcontext=system_u:system_r:kernel_t:s0 tclass=system
> ----
> time->Sat Aug 10 16:38:22 2013
> type=SYSCALL msg=audit(1376177902.968:111): arch=c000003e syscall=6
> success=no exit=-13 a0=7fff425f9af0 a1=1dcd140 a2=1dcd140 a3=fffff800
> items=0 ppid=3710 pid=3764 auid=4294967295 uid=0 gid=0 euid=0 suid=0
> fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="ls"
> exe="/usr/bin/ls" subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023
> key=(null)
> type=AVC msg=audit(1376177902.968:111): avc:  denied  { getattr } for
> pid=3764 comm="ls" path="/dev/initctl" dev="devtmpfs" ino=8906
> scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:initctl_t:s0 tclass=fifo_file
> ----
> ----
> time->Sat Aug 10 16:38:22 2013
> type=SYSCALL msg=audit(1376177902.980:112): arch=c000003e syscall=6
> success=no exit=-13 a0=7fff425f9af0 a1=1ddbb30 a2=1ddbb30 a3=fffffff8
> items=0 ppid=3710 pid=3764 auid=4294967295 uid=0 gid=0 euid=0 suid=0
> fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="ls"
> exe="/usr/bin/ls" subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023
> key=(null)
> type=AVC msg=audit(1376177902.980:112): avc:  denied  { getattr } for
> pid=3764 comm="ls" path="/dev/pts/ptmx" dev="devpts" ino=2
> scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:devpts_t:s0 tclass=chr_file
> ----
> time->Sat Aug 10 16:38:23 2013
> type=SYSCALL msg=audit(1376177903.375:113): arch=c000003e syscall=4
> success=no exit=-13 a0=2051cb0 a1=7fff82adf0c0 a2=7fff82adf0c0 a3=0
> items=0 ppid=3710 pid=3772 auid=4294967295 uid=0 gid=0 euid=0 suid=0
> fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="df"
> exe="/usr/bin/df" subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023
> key=(null)
> type=AVC msg=audit(1376177903.375:113): avc:  denied  { getattr } for
> pid=3772 comm="df" path="/sys/fs/pstore" dev="pstore" ino=9238
> scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:pstorefs_t:s0 tclass=dir
> ----
> time->Sat Aug 10 16:38:23 2013
> type=SYSCALL msg=audit(1376177903.408:114): arch=c000003e syscall=4
> success=no exit=-13 a0=2052470 a1=7fff82adf0c0 a2=7fff82adf0c0 a3=0
> items=0 ppid=3710 pid=3772 auid=4294967295 uid=0 gid=0 euid=0 suid=0
> fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="df"
> exe="/usr/bin/df" subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023
> key=(null)
> type=AVC msg=audit(1376177903.408:114): avc:  denied  { getattr } for
> pid=3772 comm="df" path="/sys/kernel/config" dev="configfs" ino=15409
> scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:configfs_t:s0 tclass=dir
> ----
> time->Sat Aug 10 16:38:24 2013
> type=SYSCALL msg=audit(1376177904.575:115): arch=c000003e syscall=41
> success=no exit=-13 a0=10 a1=80803 a2=f a3=d2be50 items=0 ppid=3710
> pid=3803 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> fsgid=0 ses=4294967295 tty=(none) comm="lsusb" exe="/usr/bin/lsusb"
> subj=system_u:system_r:sosreport_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1376177904.575:115): avc:  denied  { create } for
> pid=3803 comm="lsusb"
> scontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
> tcontext=system_u:system_r:sosreport_t:s0-s0:c0.c1023
> tclass=netlink_kobject_uevent_socket
>
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
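
An added example, not part of either message: the "got 0x75646f6d" value in the error is the ASCII text "modu" (the start of `module my_sosreport 1.0;`) read as a little-endian 32-bit number, so semodule was handed source text rather than a policy package. The script below checks that magic and then runs the checkmodule / semodule_package / semodule sequence described in the reply. The function names are hypothetical, and `-M` assumes an MLS/MCS-enabled policy, as the `s0-s0:c0.c1023` contexts in the log suggest.

```shell
#!/bin/sh
# Added example: explain the "wrong magic number" error and build the module.
PP_MAGIC=f97cff8f   # "expected" value in the libsepol error quoted on this page

# Print the first 4 bytes of file $1 as a little-endian 32-bit hex value,
# which is how the error message reports them.
magic_of() {
    set -- $(od -An -tx1 -N4 "$1")
    [ $# -eq 4 ] || { echo short; return 0; }
    echo "$4$3$2$1"
}

# pp = compiled policy package, te-source = text beginning "module <name> <ver>;"
classify() {
    if [ "$(magic_of "$1")" = "$PP_MAGIC" ]; then
        echo pp
    elif grep -Eq '^module[[:space:]]+[A-Za-z0-9_]+[[:space:]]+[0-9.]+;' "$1"; then
        echo te-source
    else
        echo unknown
    fi
}

# Compile and package source first; hand semodule only a .pp file.
install_policy() {
    case $(classify "$1") in
        pp) semodule -i "$1" ;;
        te-source)
            base=${1%.te}
            checkmodule -M -m -o "$base.mod" "$1" &&
            semodule_package -o "$base.pp" -m "$base.mod" &&
            semodule -i "$base.pp" ;;
        *) echo "$1: not a policy package or module source" >&2; return 1 ;;
    esac
}

# Constructed sample: first line of the .te file quoted above.
sample=$(mktemp)
printf 'module my_sosreport 1.0;\n' > "$sample"
echo "magic=0x$(magic_of "$sample") kind=$(classify "$sample")"
rm -f "$sample"
# On the SELinux host, as root: install_policy my_sosreport.te
```
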