SELinux Trouble

Where Penguins and Daemons chill together in the warmth of the Sun.

Moderators: SecretSquirrel, notfred

SELinux Trouble

Postposted on Mon May 04, 2009 5:10 pm

Okay, I've been struggling with this for several days, and I just can't find the information to solve my issue:
Code: Select all
atlas ~ # audit2allow -a -M local
Generating type enforcment file: local.te
Compiling policy
checkmodule  -m -o local.mod local.te
semodule_package -o local.pp -m local.mod

******************** IMPORTANT ***********************

In order to load this newly created policy package into the kernel,
you are required to execute

semodule -i local.pp


atlas ~ # semodule -i local.pp
libsepol.check_assertion_helper: assertion on line 0 violated by allow staff_t policy_config_t:file { relabelto };
libsepol.check_assertion_helper: assertion on line 0 violated by allow staff_t security_t:security { load_policy };
libsepol.check_assertion_helper: assertion on line 0 violated by allow staff_t shadow_t:file { relabelto };
libsepol.check_assertion_helper: assertion on line 0 violated by allow staff_t shadow_t:file { write create };
libsepol.check_assertion_helper: assertion on line 0 violated by allow initrc_t shadow_t:file { read };
libsepol.check_assertions: 5 assertion violations occured
libsemanage.semanage_expand_sandbox: Expand module failed
semodule:  Failed!


All that's in there are things related to startup. And the errors aren't giving me any good clues.
The best things in life are free.
http://www.gentoo.org
Guy 1: Surely, you will fold with me.
Guy 2: Alright, but don't call me Shirley.
titan
Grand Gerbil Poohbah
 
Posts: 3276
Joined: Mon Feb 18, 2002 6:00 pm
Location: Great Smoky Mountains

Re: SELinux Trouble

Postposted on Sat May 30, 2009 4:39 am

So, the problem still persists.

Is SELinux not used by anyone?
The best things in life are free.
http://www.gentoo.org
Guy 1: Surely, you will fold with me.
Guy 2: Alright, but don't call me Shirley.
titan
Grand Gerbil Poohbah
 
Posts: 3276
Joined: Mon Feb 18, 2002 6:00 pm
Location: Great Smoky Mountains

Re: SELinux Trouble

Postposted on Sat May 30, 2009 8:56 am

titan wrote:Is SELinux not used by anyone?

SELinux is used by a lot of people -- in particular, most people who use RedHat-based distros (RHEL and Fedora). The vast majority of people do not, however, make their own policy files. That's much less common. Russell Coker, who does a lot of SELinux stuff on Debian, suggests asking in #selinux on Freenode IRC.
bitvector
Grand Gerbil Poohbah
 
Posts: 3234
Joined: Wed Jun 22, 2005 3:39 pm
Location: Mountain View, CA

Re: SELinux Trouble

Postposted on Sat May 30, 2009 4:05 pm

bitvector wrote:
titan wrote:Is SELinux not used by anyone?

SELinux is used by a lot of people -- in particular, most people who use RedHat-based distros (RHEL and Fedora). The vast majority of people do not, however, make their own policy files. That's much less common. Russell Coker, who does a lot of SELinux stuff on Debian, suggests asking in #selinux on Freenode IRC.

I'll give that a shot again. The last time I asked on that channel I had a deafening silence for a reply. And there we're other people talking on the channel.

I haven't started enforcing the policies yet, I'm just concerned that when I do I won't be able to run anything.
The best things in life are free.
http://www.gentoo.org
Guy 1: Surely, you will fold with me.
Guy 2: Alright, but don't call me Shirley.
titan
Grand Gerbil Poohbah
 
Posts: 3276
Joined: Mon Feb 18, 2002 6:00 pm
Location: Great Smoky Mountains


Return to Linux, Unix, and Assorted Madness

Who is online

Users browsing this forum: Bing [Bot] and 1 guest