semodule: Failed!
Dominick Grift
domg472 at gmail.com
Tue Nov 10 13:51:49 UTC 2009
On Mon, 2009-11-09 at 15:27 -0800, John Oliver wrote:
> [root at mda-services4 ~]# grep nagios /var/log/audit/audit.log |
> audit2allow
>
>
> #============= nagios_t ==============
> allow nagios_t var_t:dir read;
> [root at mda-services4 ~]# grep nagios /var/log/audit/audit.log |
> audit2allow -M nagios
> ******************** IMPORTANT ***********************
> To make this policy package active, execute:
>
> semodule -i nagios.pp
>
> [root at mda-services4 ~]# semodule -i nagios.pp
> libsepol.print_missing_requirements: nagios's global requirements were
> not met: type/attribute nagios_t
> libsemanage.semanage_link_sandbox: Link packages failed
> semodule: Failed!
>
>
>
> What on Earth does that mean???
>
It means you (probably) did something that is not so smart:
My guess is that you have overwritten the distributed nagios module.
I think that, because you show me this:
semodule -i nagios.pp
And i assume you have probably did that before.
The problem is that you are trying to install (and have been installing)
a custom module with the same name of a distributed module:
[root at notebook3 admin]# semodule -l | grep nagios
nagios 1.8.0
In simple human language:
You have overwritten the nagios module that came with you distribution
with a custom nagios module.
To undo this, either for a update of selinux-policy and selinux-policy
(this should overwrite you custom nagios module with the one that comes
with your distribution) or you can just install the distribution nagios
modules from:
[root at notebook3 admin]# ls /usr/share/selinux/targeted | grep nagios
nagios.pp.bz2
The lesson to be learned from this experience is:
If you decide to install a custom module; then make sure that you give
it a unigue name (for example: grep nagios /var/log/audit/audit.log |
audit2allow -M mynagios; semodule -i mynagios.pp)
Because if there is already a module installed by that name you will
overwrite it.
More information about the fedora-selinux-list
mailing list