Hi Brian,

I had the same problem last night,
however this morning I got a workaround,
yet I am not sure if it is correct or not, 'cause
I am a SELinux newbie.

At this point I rebooted and logged into the newly
created system, whilst I answered the question,
after I entered root as user, with yes and entered
the following:

first question (role: I think it was) I answered with

sysadm_r

and the next question I answered with

sysadm_t

After the login I cd into /etc/security/selinux/src/policy.
Then I punched in the following commands:

make clean
make load
make relabel

It all went well so far, nevertheless as I mentioned earlier,
I am not 100% sure if it is 100% safe or if I did miss
something.


Hope I could help.

Victor

PS: Next hours I will be at the gym, cu then.

Richard Simpson wrote:

>Brian-
>
>Upon further investigation it looks like the policy exports the headers to
>the kernel, so maybe you will have to unmerge and then merge the older
>policy. 0702 should work.
>
>Richard.
>
>
>>-----Original Message-----
>>From: Brian Fernald [mailto:bscottfernald@×××××.com]
>>Sent: Tuesday, September 14, 2004 6:22 PM
>>To: Richard Simpson
>>Cc: gentoo-hardened@l.g.o
>>Subject: Re: [gentoo-hardened] building gentoo hardened - selinux
>>
>>
>>Hi Richard,
>>
>>my security.h lists 15 - 17.. however, no matter which I build
>>(POLICYCOMPAT), it still fails to load. I am quite perplexed.. have
>>re-completed multiple rebuilds of gentoo just to make sure I am not
>>missing something... yet, every time, can't load any policy...
>>
>>Brian
>>
>>
>>----- Original Message -----
>>From: Richard Simpson <richard.simpson@×××××.com>
>>Date: Tue, 14 Sep 2004 18:04:15 -0600
>>Subject: RE: [gentoo-hardened] building gentoo hardened - selinux
>>To: Brian Fernald <bfernald@×××××.com>, gentoo-hardened@l.g.o
>>
>>
>>Brian-
>>
>>Look in /usr/src/linux/security/selinux/include/security.h to see what
>>policy versions your kernel is compatible with. My 2.6.7-r8 kernel
>>lists 15 min and 17 max, so I was able to use POLICYCOMPAT = -c 17.
>>AFAIK the policy compiler is only backwards compatible 1 version
>>level.
>>
>>For some reason emerge chose to merge selinux-base-policy-20040906 on
>>my system too even though that package is flagged ~x86, and I found
>>out after the fact that it's not compatible with my kernel. I would
>>like to see hardened-dev-sources noted in the changelog what policy
>>versions it supports, rather than having to dig through the headers
>>after it's emerged.
>>
>>Richard.
>>
>>
>>-----Original Message-----
>>From: Brian Fernald [mailto:bfernald@×××××.com]
>>Sent: Tuesday, September 14, 2004 4:47 PM
>>To: gentoo-hardened@l.g.o
>>Subject: [gentoo-hardened] building gentoo hardened - selinux
>>
>>
>>Hi,
>>
>>I have just walked through the Gentoo SELinux handbook to build a new
>>system. Whenever I come to the point of loading the security
>>policy, it attempts to build a Policy of version 18 .. It reports
>>the following :
>>
>> make load
>> * Creating policy.conf
>> * Policy version: 18
>> * Kernel version: 16
>> * WARNING: Policy version mismatch. Is your POLICYCOMPAT set correctly?
>> * See http://hardened.gentoo.org/selinux/selinux-policy.xml#doc_chap6
>> * for more information.
>> * Compiling and installing policy.18
>>/usr/bin/checkpolicy: loading policy configuration from
>>/etc/security/selinux/src/policy.conf
>>security: 3 users, 5 roles, 367 types, 1 bools
>>security: 51 classes, 24552 rules
>>/usr/bin/checkpolicy: policy configuration loaded
>>/usr/bin/checkpolicy: writing binary representation (version 18) to
>>/etc/security/selinux/policy.18
>> * Building file_contexts
>> * Installing file_contexts
>> * Loading policy.18
>>/usr/sbin/load_policy: security_load_policy failed
>>make: *** [tmp/load] Error 3
>>
>>
>>... I then changed POLICYCOMPAT to be 16 and tried again :
>>
>> make load
>> * Policy version: 16
>> * Kernel version: 16
>> * Compiling and installing policy.16
>>/usr/bin/checkpolicy: loading policy configuration from
>>/etc/security/selinux/src/policy.conf
>>security: 3 users, 5 roles, 367 types, 1 bools
>>security: 51 classes, 24552 rules
>>/usr/bin/checkpolicy: policy configuration loaded
>>/usr/bin/checkpolicy: writing binary representation (version 16) to
>>/etc/security/selinux/policy.16
>> * Loading policy.16
>>/usr/sbin/load_policy: security_load_policy failed
>>make: *** [tmp/load] Error 3
>>
>>
>>it still fails.
>>
>>The system is currently booted to the LiveCD (as per instructions)..
>>the kernel downloaded and built was 2.6.7-hardened-r8 (emerge
>>hardened-dev-sources) ..
>>
>>Could anyone shed some light on what I am doing incorrectly ?
>>
>>Thanks,
>>
>>Brian
>>
>>
>
>--
>gentoo-hardened@g.o mailing list
>
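
Added example, not part of the original thread or of the Gentoo policy Makefile: a shell sketch of the check Richard describes, reading the supported policy range out of security.h and testing a policy version against it. The macro names POLICYDB_VERSION_MIN and POLICYDB_VERSION_MAX are assumed from the kernel header (the thread does not quote them), and the sample header is constructed to match the 15 to 17 range reported above.

```shell
#!/bin/sh
# Added example: report the policy range a kernel header accepts and test a
# candidate policy version against it. Macro names are assumptions (see lead-in).

# Resolve a macro to a number, following macro-to-macro definitions
# (e.g. POLICYDB_VERSION_MAX -> POLICYDB_VERSION_IPV6 -> 17).
resolve_macro() {   # $1 = header file, $2 = macro name
    name=$2; hops=0
    while [ "$hops" -lt 8 ]; do
        value=$(awk -v m="$name" '$1 == "#define" && $2 == m { print $3; exit }' "$1")
        case $value in
            '') return 1 ;;                  # macro not defined in this header
            *[!0-9]*) name=$value ;;         # defined as another macro: follow it
            *) echo "$value"; return 0 ;;    # plain number: done
        esac
        hops=$((hops + 1))
    done
    return 1
}

# Print "ok" when version $2 lies inside MIN..MAX; otherwise print the
# POLICYCOMPAT setting that stays inside the range and return 1.
check_policy_version() {   # $1 = header file, $2 = policy version
    min=$(resolve_macro "$1" POLICYDB_VERSION_MIN) || return 2
    max=$(resolve_macro "$1" POLICYDB_VERSION_MAX) || return 2
    if [ "$2" -ge "$min" ] && [ "$2" -le "$max" ]; then
        echo "ok: policy $2 is within kernel range $min-$max"
    else
        echo "mismatch: policy $2 outside $min-$max; set POLICYCOMPAT = -c $max"
        return 1
    fi
}

# Constructed sample header mirroring the 15..17 range quoted in the thread.
write_sample_header() {   # $1 = output path
    cat > "$1" <<'EOF'
#define POLICYDB_VERSION_BASE 15
#define POLICYDB_VERSION_BOOL 16
#define POLICYDB_VERSION_IPV6 17
/* Range of policy versions we understand */
#define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE
#define POLICYDB_VERSION_MAX POLICYDB_VERSION_IPV6
EOF
}

hdr=${1:-}
if [ -z "$hdr" ]; then hdr=$(mktemp); write_sample_header "$hdr"; fi
check_policy_version "$hdr" 18 || true
check_policy_version "$hdr" 17
```

Pass the path to a real security.h as the first argument to check an installed kernel source tree instead of the constructed sample.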