New SELinux User

[Linda Finch]

It took me ages to track down where the duplicate type declaration was 
coming from - I was sure it wasn't the ircd.te file I'd created as I'd 
checked it numerous times.  In the end I found it was being inserted by the 
append_logdir_domain macro.  Everything compiles, the file system is 
labelled as expected and I can move on to another problem. The IRCD daemon 
it is not starting with the correct security context.  Again, I've double 
and treble checked the ircd.te file and I'm wondering if it is another 
problem between this file and the domain_auto_trans macro.  I'm starting 
here anyway.

I've not had a chance to look again at FC5 but will screen dump the error 
message for more information.  Then I guess it will be FC6 when I've got 
this cracked.....!

Thanks very much for your help so far

Linda

>From: Karl MacMillan <kmacmill at redhat.com>
>To: Linda Finch <lindafinch1 at hotmail.co.uk>
>CC: fedora-selinux-list at redhat.com
>Subject: Re: New SELinux User
>Date: Wed, 08 Nov 2006 10:47:19 -0500
>
>On Wed, 2006-11-08 at 15:31 +0000, Linda Finch wrote:
> > I am trying to get up to speed with SELinux however as I am also a 
>novice
> > Linux user (my OS knowledge has been with other systems) this is a very
> > steep learning curve!  To ease the pain, I purchased the SELinux by 
>example
> > book and have been trying to work through the example policy module for 
>the
> > IRC daemon.
> >
> > I set up a standard FC4 workstation with the required strict src policy, 
>IRC
> > etc and proceeded to follow through the book however I cannot get it to
> > compile.  When I enter the make && make install && make load command I 
>get
> > the following error:
> >
> > make && make install && make load
> > /usr/bin/checkpolicy  -o policy.21 policy.conf
> > /usr/bin/checkpolicy:  loading policy configuration from policy.conf
> > domains/program/ircd.te:28:ERROR 'duplicate declaration of 
>type/attribute'
> > at token ';' on line 290384:
> > type ircd_log_t, file_type, sysadmfile, logfile;
> > #line 28
> > checkpolicy:  error(s) encountered while parsing configuration
> > make: *** [policy.21] Error 1
> >
>
>The compiler is saying that this type has already been declared. Make
>certain that you did not accidentally include this line twice. It is
>also possible that the strict policy that you are using already has a
>policy for the ircd daemon (I don't have an FC4 system to check the
>latest policy). You can grep through the policy modules to see if this
>type is declared in another module - run this command in
>domains/program:
>
>grep "type ircd_log_t *.te
>
>That should show you the file names of all the files that contain the
>phrase "type ircd_log_t". If there is another policy module declaring
>this type you can disable it by moving it and its corresponding .fc file
>to the unused directories in domains/program and file_contexts.
>
> >
> > I've double checked the ircd.te file, looked at the policy.conf file and
> > can't see anything wrong.  Is this error immediately obvious to anyone
> > (without knowing the example in the book of course!)?  If so, please 
>help!
> > Apologies if there is something simple that I've not done - as I say, 
>I'm a
> > novice user!  I've also had a go with the reference policy example in 
>the
> > book for FC5 and couldn't get that to compile either.  That gives an 
>error
> > with the generated_definitions.conf file.  I downloaded the most 
>uptodate
> > version of the refpolicy from Tresys' site but maybe there are other 
>patches
> > I need?  Again, this was a std FC5 install.
> >
>
>Can you give a more detailed error message here?
>
>Karl
>

_________________________________________________________________
Be the first to hear what's new at MSN - sign up to our free newsletters! 
http://www.msn.co.uk/newsletters