SELinux Module Packaging in FC5

Paul Howarth paul at city-fan.org
Tue May 16 16:33:50 UTC 2006


Stephen Smalley wrote:
> On Tue, 2006-05-16 at 16:56 +0100, Paul Howarth wrote:
>> Next problem:
>>
>> I built and tested the package on one system, which was fully up to 
>> date. Worked fine. Then tried installing the package on another system 
>> that was running an older kernel and had older libsepol and 
>> selinux-policy-targeted packages. The result was:
>>
>> # rpm -Uvh contagged-0.3-2.noarch.rpm
>> Preparing...                ########################################### [100%]
>>     1:contagged              warning: /etc/httpd/conf.d/contagged.conf created as /etc/httpd/conf.d/contagged.conf.rpmnew
>> ########################################### [100%]
>> libsepol.class_copy_callback: contagged: Modules may not yet declare new classes.
>> libsemanage.semanage_link_sandbox: Link packages failed
>> /usr/sbin/semodule:  Failed!
>> # rpm -q selinux-policy-targeted libsepol libsemanage
>> selinux-policy-targeted-2.2.34-3.fc5
>> libsepol-1.12.4-1.fc5
>> libsemanage-1.6.2-2.fc5
>>
>> After doing a "yum update" on this system, the package installed cleanly.
>>
>> Is this a result of the required feature being missing from one of these 
>> (or some other) packages, or is a compiled .pp module compatible only 
>> with the specific version of something it was built against?
> 
> I'm confused - I thought you said that the policy package only contained
> a file contexts section, not a policy module.  Was there a policy
> module?  If so, what was the source?  The above looks like a bug to me.

It contains a policy module, but the module only includes file contexts.

The .if file is empty.

The .te file is just:
---------------------------------------------------------------------
# It's currently only necessary to set file contexts for the cache directory
# in this policy, but doing it in a module is easier from a package maintenance
# point of view than using semanage and chcon in scriptlets

policy_module(contagged, 0.1)

########################################
#
# Declarations
#

# (none needed)


########################################
#
# Local policy
#


# (none needed)
---------------------------------------------------------------------

The .fc file is:
---------------------------------------------------------------------
/var/cache/contagged(/.*)?    gen_context(system_u:object_r:httpd_cache_t,s0)
---------------------------------------------------------------------

The module was built on a system with:
$ rpm -q selinux-policy-targeted libsepol libsemanage
selinux-policy-targeted-2.2.38-1.fc5
libsepol-1.12.6-1.fc5
libsemanage-1.6.2-2.fc5

The error occurred when the package was installed on a system with:
$ rpm -q selinux-policy-targeted libsepol libsemanage
selinux-policy-targeted-2.2.34-3.fc5
libsepol-1.12.4-1.fc5
libsemanage-1.6.2-2.fc5

Paul.



