1 |
Hi, |
2 |
|
3 |
I made an update as well and had the same problem. Because I did not do many |
4 |
changes to the default policy I solved it as followed: |
5 |
|
6 |
delete old policy: |
7 |
rm /etc/security/selinux/policy.15 |
8 |
rm -rf /etc/security/selinux/src/ |
9 |
|
10 |
remerge base policy: |
11 |
emerge selinux-base-policy |
12 |
|
13 |
Reload policy and it works. Hope it will help you.. |
14 |
|
15 |
On Wednesday 07 January 2004 21:18, gOA-pSY wrote: |
16 |
> Hi Chris, |
17 |
> |
18 |
> # pwd |
19 |
> /etc/security/selinux/src/policy |
20 |
> |
21 |
> # ls -sail types/ |
22 |
> total 80 |
23 |
> 2179429 8 drwxr-xr-x 2 root root 4096 Jan 3 21:46 . |
24 |
> 2179427 8 drwxr-xr-x 8 root root 4096 Jan 3 21:46 .. |
25 |
> 574179 8 -rw-r--r-- 1 root root 2819 Jan 5 12:21 |
26 |
> device.te 574184 8 -rw-r--r-- 1 root root 382 Jan 5 |
27 |
> 12:21 devpts.te 574185 12 -rw-r--r-- 1 root root 6869 Jan |
28 |
> 5 12:21 file.te 574186 12 -rw-r--r-- 1 root root 6098 Jan |
29 |
> 5 12:21 network.te 2179421 8 -rw-r--r-- 1 root root 447 |
30 |
> Jan 5 12:21 nfs.te 574188 8 -rw-r--r-- 1 root root 1235 |
31 |
> Jan 5 12:21 procfs.te 574189 8 -rw-r--r-- 1 root root |
32 |
> 814 Jan 5 12:21 security.te |
33 |
> |
34 |
> # make load |
35 |
> mkdir -p /etc/security/selinux |
36 |
> /usr/bin/checkpolicy -o /etc/security/selinux/policy.15 |
37 |
> /etc/security/selinux/src/policy.conf /usr/bin/checkpolicy: loading policy |
38 |
> configuration from /etc/security/selinux/src/policy.conf security: 3 |
39 |
> users, 6 roles, 364 types |
40 |
> security: 30 classes, 22938 rules |
41 |
> assertion on line 37286 violated by allow devfsd_t etc_t:lnk_file { setattr |
42 |
> relabelto }; assertion on line 37285 violated by allow devfsd_t etc_t:dir { |
43 |
> setattr }; make: *** [/etc/security/selinux/policy.15] Error 1 |
44 |
> |
45 |
> # make reload |
46 |
> mkdir -p /etc/security/selinux |
47 |
> /usr/bin/checkpolicy -o /etc/security/selinux/policy.15 |
48 |
> /etc/security/selinux/src/policy.conf /usr/bin/checkpolicy: loading policy |
49 |
> configuration from /etc/security/selinux/src/policy.conf security: 3 |
50 |
> users, 6 roles, 364 types |
51 |
> security: 30 classes, 22938 rules |
52 |
> assertion on line 37286 violated by allow devfsd_t etc_t:lnk_file { setattr |
53 |
> relabelto }; assertion on line 37285 violated by allow devfsd_t etc_t:dir { |
54 |
> setattr }; make: *** [/etc/security/selinux/policy.15] Error 1 |
55 |
> |
56 |
> i remerged selinux-base-policy-20031225 and portage reports no files |
57 |
> to be updated with etc-update, so all files should be up2date... :-( |
58 |
> |
59 |
> CP> It looks like you either didn't merge the changes in the types |
60 |
> directory CP> of your policy (file.te and device.te), or you didn't load |
61 |
> the policy CP> after merging the changes. These contexts are new in the |
62 |
> 20031225 CP> policy. |
63 |
|
64 |
|
65 |
-- |
66 |
gentoo-hardened@g.o mailing list |