Gentoo Archives: gentoo-hardened

From: Victor Banatean <Pie_Oh_Pah@×××.net>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] building gentoo hardened - selinux
Date: Wed, 15 Sep 2004 07:00:45
Message-Id: 4147EAB2.7060702@gmx.net
In Reply to: RE: [gentoo-hardened] building gentoo hardened - selinux by Richard Simpson
Hi Brian,

I had the same problem last night,
however this morning I got a workaround,
yet I am not sure if it is correct or not, because
I am a SELinux newbie.

At this point I rebooted and logged into the newly
created system, whilst I answered the question,
after I entered root as user, with yes and entered
the following:

first question (role: I think it was) I answered with

sysadm_r

and the next question I answered with

sysadm_t

After the login I cd into /etc/security/selinux/src/policy.
Then I punched in the following commands:

make clean
make load
make relabel

It all went well so far, nevertheless as I mentioned earlier,
I am not 100% sure if it is 100% safe or if I did miss
something.

Hope I could help.

Victor

PS: Next hours I will be at the gym, cu then.

Richard Simpson wrote:

>Brian-
>
>Upon further investigation it looks like the policy exports the headers to
>the kernel, so maybe you will have to unmerge and then merge the older
>policy. 0702 should work.
>
>Richard.
>
>>-----Original Message-----
>>From: Brian Fernald [mailto:bscottfernald@×××××.com]
>>Sent: Tuesday, September 14, 2004 6:22 PM
>>To: Richard Simpson
>>Cc: gentoo-hardened@l.g.o
>>Subject: Re: [gentoo-hardened] building gentoo hardened - selinux
>>
>>
>>Hi Richard,
>>
>>my security.h lists 15 - 17.. however, no matter which I build
>>(POLICYCOMPAT), it still fails to load. I am quite perplexed.. have
>>re-completed multiple rebuilds of gentoo just to make sure I am not
>>missing something... yet, every time, can't load any policy...
>>
>>Brian
>>
>>----- Original Message -----
>>From: Richard Simpson <richard.simpson@×××××.com>
>>Date: Tue, 14 Sep 2004 18:04:15 -0600
>>Subject: RE: [gentoo-hardened] building gentoo hardened - selinux
>>To: Brian Fernald <bfernald@×××××.com>, gentoo-hardened@l.g.o
>>
>>
>>Brian-
>>
>>Look in /usr/src/linux/security/selinux/include/security.h to see what
>>policy versions your kernel is compatible with. My 2.6.7-r8 kernel
>>lists 15 min and 17 max, so I was able to use POLICYCOMPAT = -c 17.
>>AFAIK the policy compiler is only backwards compatible 1 version
>>level.
>>
>>For some reason emerge chose to merge selinux-base-policy-20040906 on
>>my system too even though that package is flagged ~x86, and I found
>>out after the fact that it's not compatible with my kernel. I would
>>like to see hardened-dev-sources noted in the changelog what policy
>>versions it supports, rather than having to dig through the headers
>>after it's emerged.
>>
>>Richard.
>>
>>-----Original Message-----
>>From: Brian Fernald [mailto:bfernald@×××××.com]
>>Sent: Tuesday, September 14, 2004 4:47 PM
>>To: gentoo-hardened@l.g.o
>>Subject: [gentoo-hardened] building gentoo hardened - selinux
>>
>>
>>Hi,
>>
>>I have just walked through the Gentoo SELinux handbook to build a new
>>system. Whenever I come to the point of loading the security
>>policy, it attempts to build a Policy of version 18 .. It reports
>>the following :
>>
>> make load
>> * Creating policy.conf
>> * Policy version: 18
>> * Kernel version: 16
>> * WARNING: Policy version mismatch. Is your POLICYCOMPAT set correctly?
>> * See http://hardened.gentoo.org/selinux/selinux-policy.xml#doc_chap6
>> * for more information.
>> * Compiling and installing policy.18
>>/usr/bin/checkpolicy: loading policy configuration from
>>/etc/security/selinux/src/policy.conf
>>security: 3 users, 5 roles, 367 types, 1 bools
>>security: 51 classes, 24552 rules
>>/usr/bin/checkpolicy: policy configuration loaded
>>/usr/bin/checkpolicy: writing binary representation (version 18) to
>>/etc/security/selinux/policy.18
>> * Building file_contexts
>> * Installing file_contexts
>> * Loading policy.18
>>/usr/sbin/load_policy: security_load_policy failed
>>make: *** [tmp/load] Error 3
>>
>>
>>... I then changed POLICYCOMPAT to be 16 and tried again :
>>
>> make load
>> * Policy version: 16
>> * Kernel version: 16
>> * Compiling and installing policy.16
>>/usr/bin/checkpolicy: loading policy configuration from
>>/etc/security/selinux/src/policy.conf
>>security: 3 users, 5 roles, 367 types, 1 bools
>>security: 51 classes, 24552 rules
>>/usr/bin/checkpolicy: policy configuration loaded
>>/usr/bin/checkpolicy: writing binary representation (version 16) to
>>/etc/security/selinux/policy.16
>> * Loading policy.16
>>/usr/sbin/load_policy: security_load_policy failed
>>make: *** [tmp/load] Error 3
>>
>>
>>it still fails.
>>
>>The system is currently booted to the LiveCD (as per instructions)..
>>the kernel downloaded and built was 2.6.7-hardened-r8 (emerge
>>hardened-dev-sources) ..
>>
>>Could anyone shed some light on what I am doing incorrectly?
>>
>>Thanks,
>>
>>Brian
>>
>
>--
>gentoo-hardened@g.o mailing list

--
gentoo-hardened@g.o mailing list
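
The header check Richard describes in the quoted thread, as an added example that is not part of the original messages: it reads the minimum and maximum policy versions out of a kernel tree's security.h and tests whether a given policy version falls inside that range. The sample header is constructed from the 15/17 values quoted in the thread, and the POLICYDB_VERSION_* macro names are assumed to match the ones in your kernel tree.

```shell
#!/bin/sh
# Added example: which binary policy versions does a kernel source tree accept?

# Print "MIN MAX" for the security.h given as $1. MIN/MAX are usually defined
# in terms of other macros (MAX -> POLICYDB_VERSION_IPV6 -> 17), so each name
# is followed until it resolves to a number.
policy_range() {
    awk '
        $1 == "#define" && $2 ~ /^POLICYDB_VERSION_/ { val[$2] = $3 }
        END {
            min = resolve("POLICYDB_VERSION_MIN")
            max = resolve("POLICYDB_VERSION_MAX")
            if (min == "" || max == "") exit 1
            print min, max
        }
        function resolve(name,   v, depth) {
            v = val[name]
            while (v != "" && v !~ /^[0-9]+$/ && depth++ < 8) v = val[v]
            return (v ~ /^[0-9]+$/) ? v : ""
        }
    ' "$1"
}

# Return 0 if policy version $2 is inside the range found in header $1,
# 1 if it is outside, 2 if the header could not be parsed.
policy_loadable() {
    range=$(policy_range "$1") || return 2
    min=${range% *}
    max=${range#* }
    [ "$2" -ge "$min" ] && [ "$2" -le "$max" ]
}

# Constructed sample header (not copied from any kernel tree).
hdr=$(mktemp)
cat > "$hdr" <<'EOF'
#define POLICYDB_VERSION_BASE 15
#define POLICYDB_VERSION_BOOL 16
#define POLICYDB_VERSION_IPV6 17
#define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE
#define POLICYDB_VERSION_MAX POLICYDB_VERSION_IPV6
EOF

for v in 16 17 18; do
    if policy_loadable "$hdr" "$v"; then
        echo "policy.$v: within kernel range"
    else
        echo "policy.$v: outside kernel range ($(policy_range "$hdr"))"
    fi
done
```

On a real system, pass /usr/src/linux/security/selinux/include/security.h instead of the sample file; the result describes the kernel sources, which may differ from the kernel that is currently booted.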