Gentoo Archives: gentoo-hardened

From: gOA-pSY <goa-psy@×××.net>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] SELinux Issues
Date: Wed, 07 Jan 2004 20:18:52
Message-Id: 437129517.20040107211818@gmx.net
In Reply to: Re: [gentoo-hardened] SELinux Issues by Chris PeBenito
Hi Chris,

# pwd
/etc/security/selinux/src/policy

# ls -sail types/
total 80
2179429 8 drwxr-xr-x 2 root root 4096 Jan 3 21:46 .
2179427 8 drwxr-xr-x 8 root root 4096 Jan 3 21:46 ..
574179 8 -rw-r--r-- 1 root root 2819 Jan 5 12:21 device.te
574184 8 -rw-r--r-- 1 root root 382 Jan 5 12:21 devpts.te
574185 12 -rw-r--r-- 1 root root 6869 Jan 5 12:21 file.te
574186 12 -rw-r--r-- 1 root root 6098 Jan 5 12:21 network.te
2179421 8 -rw-r--r-- 1 root root 447 Jan 5 12:21 nfs.te
574188 8 -rw-r--r-- 1 root root 1235 Jan 5 12:21 procfs.te
574189 8 -rw-r--r-- 1 root root 814 Jan 5 12:21 security.te

# make load
mkdir -p /etc/security/selinux
/usr/bin/checkpolicy -o /etc/security/selinux/policy.15 /etc/security/selinux/src/policy.conf
/usr/bin/checkpolicy: loading policy configuration from /etc/security/selinux/src/policy.conf
security: 3 users, 6 roles, 364 types
security: 30 classes, 22938 rules
assertion on line 37286 violated by allow devfsd_t etc_t:lnk_file { setattr relabelto };
assertion on line 37285 violated by allow devfsd_t etc_t:dir { setattr };
make: *** [/etc/security/selinux/policy.15] Error 1

# make reload
mkdir -p /etc/security/selinux
/usr/bin/checkpolicy -o /etc/security/selinux/policy.15 /etc/security/selinux/src/policy.conf
/usr/bin/checkpolicy: loading policy configuration from /etc/security/selinux/src/policy.conf
security: 3 users, 6 roles, 364 types
security: 30 classes, 22938 rules
assertion on line 37286 violated by allow devfsd_t etc_t:lnk_file { setattr relabelto };
assertion on line 37285 violated by allow devfsd_t etc_t:dir { setattr };
make: *** [/etc/security/selinux/policy.15] Error 1

I remerged selinux-base-policy-20031225 and portage reports no files
to be updated with etc-update, so all files should be up2date... :-(

CP> It looks like you either didn't merge the changes in the types directory
CP> of your policy (file.te and device.te), or you didn't load the policy
CP> after merging the changes. These contexts are new in the 20031225
CP> policy.

--
greetz,
gOA-pSY mailto:goa-psy@×××.net


--
gentoo-hardened@g.o mailing list
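
The checkpolicy errors in the message above each name a line of policy.conf that holds the violated assertion. The following is an added example, not part of the original post or of the Gentoo policy tools: it parses that output, drops the repeats from the second run, and looks up the cited lines. The function names and the stand-in policy text (including its two neverallow lines) are assumptions made for illustration.

```python
import re

# Format of the checkpolicy assertion errors shown in the message above.
VIOLATION = re.compile(
    r"assertion on line (\d+) violated by "
    r"allow (\S+) (\S+):(\S+) \{ ([^}]*)\};"
)

# The two error lines from the message, twice (make load, then make reload).
SAMPLE_OUTPUT = """\
assertion on line 37286 violated by allow devfsd_t etc_t:lnk_file { setattr relabelto };
assertion on line 37285 violated by allow devfsd_t etc_t:dir { setattr };
""" * 2

# Constructed stand-in for policy.conf: 37284 empty lines, then two
# hypothetical assertions. The real text is whatever your policy.conf holds.
CONSTRUCTED_POLICY = (
    "\n" * 37284
    + "neverallow devfsd_t etc_t:dir setattr;\n"
    + "neverallow devfsd_t etc_t:lnk_file { setattr relabelto };\n"
)

def parse_violations(output):
    """Return each distinct violation once, in first-seen order."""
    found = []
    for m in VIOLATION.finditer(output):
        line, source, target, tclass, perms = m.groups()
        v = {"line": int(line), "source": source, "target": target,
             "tclass": tclass, "perms": perms.split()}
        if v not in found:
            found.append(v)
    return found

def cited_assertions(violations, policy_conf):
    """Map each cited line number to the text of that line in policy.conf."""
    lines = policy_conf.splitlines()
    return {v["line"]: lines[v["line"] - 1].strip()
            for v in violations if 0 < v["line"] <= len(lines)}

if __name__ == "__main__":
    violations = parse_violations(SAMPLE_OUTPUT)
    assertions = cited_assertions(violations, CONSTRUCTED_POLICY)
    for v in violations:
        print(f"{v['source']} -> {v['target']}:{v['tclass']} {v['perms']}")
        print(f"  policy.conf line {v['line']}: {assertions.get(v['line'])}")
```

Against a real tree, pass the contents of /etc/security/selinux/src/policy.conf as the second argument; a line number beyond the end of the file is left out of the result rather than raising.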
