[gentoo-hardened] problem with new policies? - gentoo-hardened

From:	Roel Vromen <roel@××××××.net>
To:	gentoo-hardened@××××××××××××.org
Subject:	[gentoo-hardened] problem with new policies?
Date:	Thu, 31 Mar 2005 19:54:06
Message-Id:	`200503312154.07142.roel@vromen.net`

1

Hi List,

2

3

I've probably got a very n00by problem heren, but after coming home after some 

4

time abroad, I emerge synced and did an emerge -u world on my gentoo hardened 

5

boxes.

6

7

When setting the selinux labels, I now get errors obviously pointing at 

8

hotplug and udev contexts (both of which I do not use on my server). some 

9

examples:

10

-------------

11

>>> Setting SELinux security labels

12

/usr/sbin/setfiles:  read 729 specifications

13

/usr/sbin/setfiles:  invalid context system_u:object_r:hotplug_etc_t on line 

14

num                      ber 651

15

/usr/sbin/setfiles:  invalid context system_u:object_r:hotplug_exec_t on line 

16

nu                      mber 652

17

/usr/sbin/setfiles:  invalid context system_u:object_r:hotplug_exec_t on line 

18

nu                      mber 653

19

/usr/sbin/setfiles:  invalid context system_u:object_r:hotplug_exec_t on line 

20

nu                      mber 654

21

/usr/sbin/setfiles:  invalid context system_u:object_r:hotplug_var_run_t on 

22

line                       number 660

23

/usr/sbin/setfiles:  invalid context system_u:object_r:hotplug_var_run_t on 

24

line                       number 661

25

/usr/sbin/setfiles:  invalid context system_u:object_r:hotplug_exec_t on line 

26

nu                      mber 662

27

/usr/sbin/setfiles:  invalid context system_u:object_r:restorecon_exec_t on 

28

line                       number 912

29

/usr/sbin/setfiles:  invalid context system_u:object_r:udev_exec_t on line 

30

numbe                      r 952

31

Exiting after 10 errors.

32

-------------

33

34

a 'make' of the polixy now loeads to all kind of errors like:

35

------------

36

#line 18

37

domains/admin.te:18:ERROR 'permission connected_socket_perms is not defined 

38

for class tcp_socket' at token ';' on line 4297:

39

-----------

40

41

Any idea what I'm doing wrong? I'm just using stable packages, and before I 

42

emerge synced etc, I was doing fine!

43

44

Some info:  

45

- kernel version = 2.6.10-hardened-r3

46

- emerge info gives the following use flags: USE="apache2 berkdb crypt 

47

dlloader hardened hardenedphp innodb jpeg ldap libwww mysql ncurses nls nptl 

48

pam perl php pic pie png python readline selinux ssl x86 zlib"

49

- policy version = 18.

50

51

Thanx,

52

53

Roel

Gentoo Archives: gentoo-hardened

Replies

1	Hi List,
2
3	I've probably got a very n00by problem heren, but after coming home after some
4	time abroad, I emerge synced and did an emerge -u world on my gentoo hardened
5	boxes.
6
7	When setting the selinux labels, I now get errors obviously pointing at
8	hotplug and udev contexts (both of which I do not use on my server). some
9	examples:
10	-------------
11	>>> Setting SELinux security labels
12	/usr/sbin/setfiles: read 729 specifications
13	/usr/sbin/setfiles: invalid context system_u:object_r:hotplug_etc_t on line
14	num ber 651
15	/usr/sbin/setfiles: invalid context system_u:object_r:hotplug_exec_t on line
16	nu mber 652
17	/usr/sbin/setfiles: invalid context system_u:object_r:hotplug_exec_t on line
18	nu mber 653
19	/usr/sbin/setfiles: invalid context system_u:object_r:hotplug_exec_t on line
20	nu mber 654
21	/usr/sbin/setfiles: invalid context system_u:object_r:hotplug_var_run_t on
22	line number 660
23	/usr/sbin/setfiles: invalid context system_u:object_r:hotplug_var_run_t on
24	line number 661
25	/usr/sbin/setfiles: invalid context system_u:object_r:hotplug_exec_t on line
26	nu mber 662
27	/usr/sbin/setfiles: invalid context system_u:object_r:restorecon_exec_t on
28	line number 912
29	/usr/sbin/setfiles: invalid context system_u:object_r:udev_exec_t on line
30	numbe r 952
31	Exiting after 10 errors.
32	-------------
33
34	a 'make' of the polixy now loeads to all kind of errors like:
35	------------
36	#line 18
37	domains/admin.te:18:ERROR 'permission connected_socket_perms is not defined
38	for class tcp_socket' at token ';' on line 4297:
39	-----------
40
41	Any idea what I'm doing wrong? I'm just using stable packages, and before I
42	emerge synced etc, I was doing fine!
43
44	Some info:
45	- kernel version = 2.6.10-hardened-r3
46	- emerge info gives the following use flags: USE="apache2 berkdb crypt
47	dlloader hardened hardenedphp innodb jpeg ldap libwww mysql ncurses nls nptl
48	pam perl php pic pie png python readline selinux ssl x86 zlib"
49	- policy version = 18.
50
51	Thanx,
52
53	Roel