Gentoo Archives: gentoo-hardened

From: Michael Velten <mvelti@×××.de>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] SELinux Issues
Date: Thu, 08 Jan 2004 01:33:11
Message-Id: 200401080231.38435.mvelti@web.de
In Reply to: Re: [gentoo-hardened] SELinux Issues by gOA-pSY
Hi,

I made an update as well and had the same problem. Because I did not make many
changes to the default policy I solved it as follows:

delete old policy:
rm /etc/security/selinux/policy.15
rm -rf /etc/security/selinux/src/

remerge base policy:
emerge selinux-base-policy

Reload policy and it works. Hope it will help you.

On Wednesday 07 January 2004 21:18, gOA-pSY wrote:
> Hi Chris,
>
> # pwd
> /etc/security/selinux/src/policy
>
> # ls -sail types/
> total 80
> 2179429  8 drwxr-xr-x 2 root root 4096 Jan 3 21:46 .
> 2179427  8 drwxr-xr-x 8 root root 4096 Jan 3 21:46 ..
>  574179  8 -rw-r--r-- 1 root root 2819 Jan 5 12:21 device.te
>  574184  8 -rw-r--r-- 1 root root  382 Jan 5 12:21 devpts.te
>  574185 12 -rw-r--r-- 1 root root 6869 Jan 5 12:21 file.te
>  574186 12 -rw-r--r-- 1 root root 6098 Jan 5 12:21 network.te
> 2179421  8 -rw-r--r-- 1 root root  447 Jan 5 12:21 nfs.te
>  574188  8 -rw-r--r-- 1 root root 1235 Jan 5 12:21 procfs.te
>  574189  8 -rw-r--r-- 1 root root  814 Jan 5 12:21 security.te
>
> # make load
> mkdir -p /etc/security/selinux
> /usr/bin/checkpolicy -o /etc/security/selinux/policy.15 /etc/security/selinux/src/policy.conf
> /usr/bin/checkpolicy: loading policy configuration from /etc/security/selinux/src/policy.conf
> security: 3 users, 6 roles, 364 types
> security: 30 classes, 22938 rules
> assertion on line 37286 violated by allow devfsd_t etc_t:lnk_file { setattr relabelto };
> assertion on line 37285 violated by allow devfsd_t etc_t:dir { setattr };
> make: *** [/etc/security/selinux/policy.15] Error 1
>
> # make reload
> mkdir -p /etc/security/selinux
> /usr/bin/checkpolicy -o /etc/security/selinux/policy.15 /etc/security/selinux/src/policy.conf
> /usr/bin/checkpolicy: loading policy configuration from /etc/security/selinux/src/policy.conf
> security: 3 users, 6 roles, 364 types
> security: 30 classes, 22938 rules
> assertion on line 37286 violated by allow devfsd_t etc_t:lnk_file { setattr relabelto };
> assertion on line 37285 violated by allow devfsd_t etc_t:dir { setattr };
> make: *** [/etc/security/selinux/policy.15] Error 1
>
> I remerged selinux-base-policy-20031225 and portage reports no files
> to be updated with etc-update, so all files should be up2date... :-(
>
> CP> It looks like you either didn't merge the changes in the types directory
> CP> of your policy (file.te and device.te), or you didn't load the policy
> CP> after merging the changes. These contexts are new in the 20031225
> CP> policy.


--
gentoo-hardened@g.o mailing list
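
An added example, not part of either message or of the Gentoo policy tooling: a small Python parser that extracts the violated assertions from checkpolicy output like the "make load" log quoted above, tolerating mail-style line wrapping and `>` quote markers. The function names are hypothetical; the message format is taken from the output in this thread.

```python
import re
from collections import defaultdict

# One checkpolicy assertion failure, as it appears in the quoted log:
#   assertion on line 37286 violated by allow devfsd_t etc_t:lnk_file { setattr relabelto };
VIOLATION = re.compile(
    r"assertion on line (?P<line>\d+) violated by allow "
    r"(?P<source>\S+) (?P<target>[^\s:]+):(?P<cls>\S+) "
    r"\{(?P<perms>[^}]*)\}"
)

def parse_violations(output):
    """Return one dict per violated assertion found in checkpolicy output.

    Leading '>' quote markers are dropped and wrapped lines are joined
    first, so output that a mail client has reflowed still parses.
    """
    flat = " ".join(re.sub(r"^[>\s]+", "", ln) for ln in output.splitlines())
    return [
        {
            "assert_line": int(m["line"]),  # line number reported by checkpolicy
            "source": m["source"],
            "target": m["target"],
            "class": m["cls"],
            "perms": m["perms"].split(),
        }
        for m in VIOLATION.finditer(flat)
    ]

def offending_rules(violations):
    """Group by (source, target); each pair maps class -> merged permissions."""
    grouped = defaultdict(dict)
    for v in violations:
        perms = grouped[(v["source"], v["target"])].setdefault(v["class"], [])
        perms.extend(p for p in v["perms"] if p not in perms)
    return dict(grouped)

# Sample input: the wrapped output as it was quoted in this thread.
SAMPLE = """\
> security: 30 classes, 22938 rules
> assertion on line 37286 violated by allow devfsd_t etc_t:lnk_file { setattr
> relabelto }; assertion on line 37285 violated by allow devfsd_t etc_t:dir {
> setattr }; make: *** [/etc/security/selinux/policy.15] Error 1
"""

if __name__ == "__main__":
    for v in parse_violations(SAMPLE):
        print(f"line {v['assert_line']}: allow {v['source']} "
              f"{v['target']}:{v['class']} {{ {' '.join(v['perms'])} }}")
```
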

Replies

Subject Author
[gentoo-hardened] Re: SELinux Issues cmulcahy@×××××.com