1 |
Hi Chris, |
2 |
|
3 |
# pwd |
4 |
/etc/security/selinux/src/policy |
5 |
|
6 |
# ls -sail types/ |
7 |
total 80 |
8 |
2179429 8 drwxr-xr-x 2 root root 4096 Jan 3 21:46 . |
9 |
2179427 8 drwxr-xr-x 8 root root 4096 Jan 3 21:46 .. |
10 |
574179 8 -rw-r--r-- 1 root root 2819 Jan 5 12:21 device.te |
11 |
574184 8 -rw-r--r-- 1 root root 382 Jan 5 12:21 devpts.te |
12 |
574185 12 -rw-r--r-- 1 root root 6869 Jan 5 12:21 file.te |
13 |
574186 12 -rw-r--r-- 1 root root 6098 Jan 5 12:21 network.te |
14 |
2179421 8 -rw-r--r-- 1 root root 447 Jan 5 12:21 nfs.te |
15 |
574188 8 -rw-r--r-- 1 root root 1235 Jan 5 12:21 procfs.te |
16 |
574189 8 -rw-r--r-- 1 root root 814 Jan 5 12:21 security.te |
17 |
|
18 |
# make load |
19 |
mkdir -p /etc/security/selinux |
20 |
/usr/bin/checkpolicy -o /etc/security/selinux/policy.15 /etc/security/selinux/src/policy.conf |
21 |
/usr/bin/checkpolicy: loading policy configuration from /etc/security/selinux/src/policy.conf |
22 |
security: 3 users, 6 roles, 364 types |
23 |
security: 30 classes, 22938 rules |
24 |
assertion on line 37286 violated by allow devfsd_t etc_t:lnk_file { setattr relabelto }; |
25 |
assertion on line 37285 violated by allow devfsd_t etc_t:dir { setattr }; |
26 |
make: *** [/etc/security/selinux/policy.15] Error 1 |
27 |
|
28 |
# make reload |
29 |
mkdir -p /etc/security/selinux |
30 |
/usr/bin/checkpolicy -o /etc/security/selinux/policy.15 /etc/security/selinux/src/policy.conf |
31 |
/usr/bin/checkpolicy: loading policy configuration from /etc/security/selinux/src/policy.conf |
32 |
security: 3 users, 6 roles, 364 types |
33 |
security: 30 classes, 22938 rules |
34 |
assertion on line 37286 violated by allow devfsd_t etc_t:lnk_file { setattr relabelto }; |
35 |
assertion on line 37285 violated by allow devfsd_t etc_t:dir { setattr }; |
36 |
make: *** [/etc/security/selinux/policy.15] Error 1 |
37 |
|
38 |
i remerged selinux-base-policy-20031225 and portage reports no files |
39 |
to be updated with etc-update, so all files should be up2date... :-( |
40 |
|
41 |
CP> It looks like you either didn't merge the changes in the types directory |
42 |
CP> of your policy (file.te and device.te), or you didn't load the policy |
43 |
CP> after merging the changes. These contexts are new in the 20031225 |
44 |
CP> policy. |
45 |
|
46 |
-- |
47 |
greetz, |
48 |
gOA-pSY mailto:goa-psy@×××.net |
49 |
|
50 |
|
51 |
-- |
52 |
gentoo-hardened@g.o mailing list |