Gentoo Archives: gentoo-hardened

From: Victor Banatean <Pie_Oh_Pah@×××.net>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] building gentoo hardened - selinux
Date: Wed, 15 Sep 2004 15:04:10
Message-Id: 41485BFD.8020405@gmx.net
In Reply to: RE: [gentoo-hardened] building gentoo hardened - selinux by Chris PeBenito
Hi Chris,

is there a workaround, e.g. to mount a part of
the new iso and try make load again?

Thanks in advance.

Victor

Chris PeBenito wrote:

>I just modified the current livecd and put in a new policy. I'm
>uploading it to http://dev.gentoo.org/~pebenito/. I've got slow upload,
>so check back in at least an hour. Someone please test to verify it
>fixes the load problem.
>
>On Wed, 2004-09-15 at 06:59, Chris PeBenito wrote:
>
>
>>This all has to do with the headers update that has been going on for
>>the last couple weeks. The livecd has to be updated too, and I
>>overlooked this fact. I'll try to get a new livecd out ASAP.
>>
>>
>>On Tue, 2004-09-14 at 20:04, Richard Simpson wrote:
>>
>>
>>>Brian-
>>>
>>>Look in /usr/src/linux/security/selinux/include/security.h to see what
>>>policy versions your kernel is compatible with. My 2.6.7-r8 kernel
>>>lists 15 min and 17 max, so I was able to use POLICYCOMPAT = -c 17.
>>>AFAIK the policy compiler is only backwards compatible 1 version
>>>level.
>>>
>>>For some reason emerge chose to merge selinux-base-policy-20040906 on
>>>my system too even though that package is flagged ~x86, and I found
>>>out after the fact that it's not compatible with my kernel. I would
>>>like to see hardened-dev-sources noted in the changelog what policy
>>>versions it supports, rather than having to dig through the headers
>>>after it's emerged.
>>>
>>>Richard.
>>> -----Original Message-----
>>> From: Brian Fernald [mailto:bfernald@×××××.com]
>>> Sent: Tuesday, September 14, 2004 4:47 PM
>>> To: gentoo-hardened@l.g.o
>>> Subject: [gentoo-hardened] building gentoo hardened - selinux
>>>
>>>
>>> Hi,
>>>
>>> I have just walked through the Gentoo SELinux handbook to
>>> build a new system. Whenever I come to the point of loading
>>> the security policy, it attempts to build a Policy of version
>>> 18. It reports the following:
>>>
>>> make load
>>> * Creating policy.conf
>>> * Policy version: 18
>>> * Kernel version: 16
>>> * WARNING: Policy version mismatch. Is your POLICYCOMPAT set
>>> correctly?
>>> * See
>>> http://hardened.gentoo.org/selinux/selinux-policy.xml#doc_chap6
>>> * for more information.
>>> * Compiling and installing policy.18
>>> /usr/bin/checkpolicy: loading policy configuration from
>>> /etc/security/selinux/src/policy.conf
>>> security: 3 users, 5 roles, 367 types, 1 bools
>>> security: 51 classes, 24552 rules
>>> /usr/bin/checkpolicy: policy configuration loaded
>>> /usr/bin/checkpolicy: writing binary representation (version
>>> 18) to /etc/security/selinux/policy.18
>>> * Building file_contexts
>>> * Installing file_contexts
>>> * Loading policy.18
>>> /usr/sbin/load_policy: security_load_policy failed
>>> make: *** [tmp/load] Error 3
>>>
>>>
>>> ... I then changed POLICYCOMPAT to be 16 and tried again:
>>>
>>> make load
>>> * Policy version: 16
>>> * Kernel version: 16
>>> * Compiling and installing policy.16
>>> /usr/bin/checkpolicy: loading policy configuration from
>>> /etc/security/selinux/src/policy.conf
>>> security: 3 users, 5 roles, 367 types, 1 bools
>>> security: 51 classes, 24552 rules
>>> /usr/bin/checkpolicy: policy configuration loaded
>>> /usr/bin/checkpolicy: writing binary representation (version
>>> 16) to /etc/security/selinux/policy.16
>>> * Loading policy.16
>>> /usr/sbin/load_policy: security_load_policy failed
>>> make: *** [tmp/load] Error 3
>>>
>>>
>>> it still fails.
>>>
>>> The system is currently booted to the LiveCD (as per
>>> instructions). The kernel downloaded and built was
>>> 2.6.7-hardened-r8 (emerge hardened-dev-sources).
>>>
>>> Could anyone shed some light on what I am doing incorrectly?
>>>
>>> Thanks,
>>>
>>> Brian
>>>
>>>
>>>

--
gentoo-hardened@g.o mailing list
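
The header check Richard describes, as an added example that is not part of the thread or of Gentoo's tooling: it reads the minimum and maximum policy versions from a kernel's security.h and tests whether a given policy version falls inside that range. The macro names POLICYDB_VERSION_MIN and POLICYDB_VERSION_MAX and the sample header are assumptions constructed to match the "15 min and 17 max" figures quoted above.

```shell
#!/bin/sh
# Constructed sample header; the macro names are an assumption about the file's layout.
write_sample_header() {
    cat > "$1" <<'EOF'
#define POLICYDB_VERSION_BASE 15
#define POLICYDB_VERSION_BOOL 16
#define POLICYDB_VERSION_IPV6 17
#define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE
#define POLICYDB_VERSION_MAX POLICYDB_VERSION_IPV6
EOF
}

# Print the integer value of macro $2 in header $1, following symbolic aliases.
policy_define() {
    hdr=$1 name=$2 hops=0
    while [ "$hops" -lt 8 ]; do   # bound the chain so a cyclic define cannot loop
        val=$(awk -v m="$name" '$1 == "#define" && $2 == m { print $3; exit }' "$hdr")
        case "$val" in
            '')       return 1 ;;                      # macro not found
            *[!0-9]*) name=$val ;;                     # alias: resolve the target next
            *)        printf '%s\n' "$val"; return 0 ;;
        esac
        hops=$((hops + 1))
    done
    return 1
}

# Print "MIN MAX"; return 2 when the header cannot be parsed.
policy_range() {
    min=$(policy_define "$1" POLICYDB_VERSION_MIN) || return 2
    max=$(policy_define "$1" POLICYDB_VERSION_MAX) || return 2
    printf '%s %s\n' "$min" "$max"
}

# Return 0 if policy version $2 is inside the header's range, 1 if outside, 2 on parse failure.
policy_fits() {
    range=$(policy_range "$1") || return 2
    set -- "$2" $range
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

demo=$(mktemp)
write_sample_header "$demo"
echo "header accepts policy versions: $(policy_range "$demo")"
for v in 16 17 18; do
    if policy_fits "$demo" "$v"; then echo "policy.$v: in range"
    else echo "policy.$v: out of range, adjust POLICYCOMPAT"; fi
done
rm -f "$demo"
```

On an installed system, pass /usr/src/linux/security/selinux/include/security.h as the header; it describes the kernel sources on disk, which may differ from the kernel currently booted from the LiveCD.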
