Strict policy on FC6 and F7
shintaro_fujiwara
shin216 at xf7.so-net.ne.jp
Wed Aug 8 21:23:42 UTC 2007
2007-08-08 (水) の 13:32 -0700 に Hal さんは書きました:
> Well
> I manged to compile the module, but
> it does not work for me.
> Compiled,loaded,set enforcing and: "authentication failed" again.
>
> I do not know if I am stupid, but I can not get a long with this Selinux...
>
> Does this nodule work for you guys????
>
> hal
>
> --- "Christopher J. PeBenito" <cpebenito at tresys.com> wrote:
>
> > On Wed, 2007-08-08 at 12:39 -0700, Hal wrote:
> > > I have tryed with
> > > logging_send_audit_msgs(local_login_t)
> > >
> > > But still:
> > > [root at localhost hal]# make -f /usr/share/selinux/devel/Makefile local.pp
> > > Compiling strict local module
> > > /usr/bin/checkmodule: loading policy configuration from tmp/local.tmp
> > > local.te:9:ERROR 'unknown class capability used in rule' at token ';' on
> > line
> > > 81105:
> > > #line 9
> > > allow local_login_t self:capability audit_write;
Because we did not write
class capability { audit_write };
in require brace.
write it and try again.
Did you make it?
As a matter of fact, I have another problem on strict policy.
I ended up breaking F7 altogether eliminating libselinux with --nodeps.
Now I'm trying to upgrade FC6 to F7.
You can upgrade FC6 to F7, if you are tired of your process on F7.
Do not stop trying strict policy.Never surrender.
It's rewarding, and SELinux guys will guide you to the right place.
> > > /usr/bin/checkmodule: error(s) encountered while parsing configuration
> > > make: *** [tmp/local.mod] Error 1
> > >
> > > I really have no idea what all this means.
> > > there is nowhere "allow" in local.te. if it is in this macros at the end...
> > > Do I need to install the policy source and edit it?
> >
> > It is in the interface. You need to change this:
> >
> > > > > module local 1.0;
> >
> > to this:
> >
> > policy_module(local,1.0)
> >
> > It will automatically require all of the kernel object classes.
> >
> > --
> > Chris PeBenito
> > Tresys Technology, LLC
> > (410) 290-1411 x150
> >
> >
>
>
>
> ____________________________________________________________________________________
> Luggage? GPS? Comic books?
> Check out fitting gifts for grads at Yahoo! Search
> http://search.yahoo.com/search?fr=oni_on_mail&p=graduation+gifts&cs=bz
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
More information about the fedora-selinux-list
mailing list