Gentoo Archives: gentoo-hardened

From: Jansson Fredrik <Fredrik.Jansson@×××××××××××.com>
To: gentoo-hardened@l.g.o
Subject: RE: [gentoo-hardened] building gentoo hardened - selinux
Date: Wed, 15 Sep 2004 11:06:33
Message-Id: 939755D83C92514FA1914B53C405E1C702A95D@ctserver4.hq.columbitech.com
Hi!

Had the same problems. Yesterday I recompiled and reinstalled the
kernel. I ran make clean and make load on the policies, but no make
relabel and it worked for me.

Another, maybe related question: I am running a 2.6.7-hardened-r8
kernel, should I install the linux26-headers and uninstall
linux-headers? What do I have to do to my system if I do that?

/Fredrik

-----Original Message-----
From: Chris PeBenito [mailto:pebenito@g.o]
Sent: 15 September 2004 12:59
To: Richard Simpson
Cc: Brian Fernald; gentoo-hardened@l.g.o
Subject: RE: [gentoo-hardened] building gentoo hardened - selinux

This all has to do with the headers update that has been going on for
the last couple weeks. The livecd has to be updated too, and I
overlooked this fact. I'll try to get a new livecd out ASAP.

On Tue, 2004-09-14 at 20:04, Richard Simpson wrote:
> Brian-
>
> Look in /usr/src/linux/security/selinux/include/security.h to see what
> policy versions your kernel is compatible with. My 2.6.7-r8 kernel
> lists 15 min and 17 max, so I was able to use POLICYCOMPAT = -c 17.
> AFAIK the policy compiler is only backwards compatible 1 version
> level.
>
> For some reason emerge chose to merge selinux-base-policy-20040906 on
> my system too even though that package is flagged ~x86, and I found
> out after the fact that it's not compatible with my kernel. I would
> like to see hardened-dev-sources noted in the changelog what policy
> versions it supports, rather than having to dig through the headers
> after it's emerged.
>
> Richard.
> -----Original Message-----
> From: Brian Fernald [mailto:bfernald@×××××.com]
> Sent: Tuesday, September 14, 2004 4:47 PM
> To: gentoo-hardened@l.g.o
> Subject: [gentoo-hardened] building gentoo hardened - selinux
>
>
> Hi,
>
> I have just walked through the Gentoo SELinux handbook to
> build a new system. Whenever I come to the point of loading
> the security policy, it attempts to build a Policy of version
> 18 .. It reports the following :
>
> make load
> * Creating policy.conf
> * Policy version: 18
> * Kernel version: 16
> * WARNING: Policy version mismatch. Is your POLICYCOMPAT set
> correctly?
> * See http://hardened.gentoo.org/selinux/selinux-policy.xml#doc_chap6
> * for more information.
> * Compiling and installing policy.18
> /usr/bin/checkpolicy: loading policy configuration from
> /etc/security/selinux/src/policy.conf
> security: 3 users, 5 roles, 367 types, 1 bools
> security: 51 classes, 24552 rules
> /usr/bin/checkpolicy: policy configuration loaded
> /usr/bin/checkpolicy: writing binary representation (version
> 18) to /etc/security/selinux/policy.18
> * Building file_contexts
> * Installing file_contexts
> * Loading policy.18
> /usr/sbin/load_policy: security_load_policy failed
> make: *** [tmp/load] Error 3
>
>
> ... I then changed POLICYCOMPAT to be 16 and tried again :
>
> make load
> * Policy version: 16
> * Kernel version: 16
> * Compiling and installing policy.16
> /usr/bin/checkpolicy: loading policy configuration from
> /etc/security/selinux/src/policy.conf
> security: 3 users, 5 roles, 367 types, 1 bools
> security: 51 classes, 24552 rules
> /usr/bin/checkpolicy: policy configuration loaded
> /usr/bin/checkpolicy: writing binary representation (version
> 16) to /etc/security/selinux/policy.16
> * Loading policy.16
> /usr/sbin/load_policy: security_load_policy failed
> make: *** [tmp/load] Error 3
>
>
> it still fails.
>
> The system is currently booted to the LiveCD (as per
> instructions).. the kernel downloaded and built was
> 2.6.7-hardened-r8 (emerge hardened-dev-sources) ..
>
> Could anyone shed some light on what I am doing incorrectly ?
>
> Thanks,
>
> Brian
>
--
Chris PeBenito
<pebenito@g.o>
Developer,
Hardened Gentoo Linux
Embedded Gentoo Linux

Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xE6AF9243
Key fingerprint = B0E6 877A 883F A57A 8E6A CB00 BC8E E42D E6AF 9243

--
gentoo-hardened@g.o mailing list
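
Richard's check of security.h for the policy versions a kernel accepts can be scripted. The following is an added example, not part of the original thread: it resolves POLICYDB_VERSION_MIN and POLICYDB_VERSION_MAX from a header and prints the version to give checkpolicy -c. The function names and the embedded sample header are constructed for illustration; the sample mirrors the "15 min and 17 max" reported in the thread.

```shell
#!/bin/sh
# Resolve a #define to a number, following macro-to-macro aliases.
policydb_define() {   # $1 = header path, $2 = macro name
    name=$2; hops=0
    while [ "$hops" -lt 8 ]; do
        val=$(awk -v n="$name" '$1 == "#define" && $2 == n { print $3; exit }' "$1")
        case $val in
            '')       return 1 ;;            # macro not defined in this header
            *[!0-9]*) name=$val ;;           # alias: look up the macro it points to
            *)        echo "$val"; return 0 ;;
        esac
        hops=$((hops + 1))
    done
    return 1                                 # alias chain too long or cyclic
}

# Print "min max" for the kernel tree that owns the header.
kernel_policy_range() {   # $1 = header path
    lo=$(policydb_define "$1" POLICYDB_VERSION_MIN) || return 1
    hi=$(policydb_define "$1" POLICYDB_VERSION_MAX) || return 1
    echo "$lo $hi"
}

# Print N for "checkpolicy -c N": clamp to kernel max, fail below kernel min.
policy_compat() {   # $1 = header path, $2 = version the policy sources default to
    range=$(kernel_policy_range "$1") || return 2
    lo=${range% *}; hi=${range#* }
    if [ "$2" -lt "$lo" ]; then return 1
    elif [ "$2" -gt "$hi" ]; then echo "$hi"
    else echo "$2"
    fi
}

# Constructed sample header, modelled on the "15 min and 17 max" in the thread.
write_sample_header() {   # $1 = output path
    cat > "$1" <<'EOF'
#define POLICYDB_VERSION_BASE 15
#define POLICYDB_VERSION_BOOL 16
#define POLICYDB_VERSION_IPV6 17
#define POLICYDB_VERSION_MIN POLICYDB_VERSION_BASE
#define POLICYDB_VERSION_MAX POLICYDB_VERSION_IPV6
EOF
}

# Usage: sh policyvers.sh [path/to/security.h]; without a path, use the sample.
hdr=${1:-}
[ -n "$hdr" ] || { hdr=$(mktemp); write_sample_header "$hdr"; }
echo "kernel accepts policy versions: $(kernel_policy_range "$hdr")"
echo "POLICYCOMPAT = -c $(policy_compat "$hdr" 18)"
```

The header path must belong to the kernel that will actually be booted, not the one currently running. Richard's caveat that the policy compiler may only go back one version is not modelled here.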