Trouble with module

Joshua Brindle jbrindle at tresys.com
Fri Oct 6 12:03:04 UTC 2006


Pierre JUHEN wrote:
> No, I didn't skip the middle step.
>
> I have turned around this problem for days, googleized a lot,
> I didn't find a clue.
>
> Why is semodule looking in a nonexistent directory?
>
>   
The directory is there when the operation fails. semodule copies 
everything from modules/active to modules/tmp to operate on it, and when 
it reads that file (toto.mod) it fails because it is a policy module and 
not a policy package.

Try semodule -r toto

Though I don't know how that file got there in the first place, semodule 
should have never accepted it.
> I suspect a configuration problem, but where ?????
>
>   
>> Message of 06/10/06 04:28
>> From: "Joshua Brindle" <method at gentoo.org>
>> To: "Pierre JUHEN" <pierre.juhen at wanadoo.fr>
>> Cc: fedora-selinux-list at redhat.com
>> Subject: Re: Trouble with module
>>
>> Pierre JUHEN wrote:
>>     
>>> To correct error messages appearing in the audit.log, I ran the 
>>> procedure described in the audit2allow manual page.
>>>
>>> Here is the .te file :
>>>
>>> module local 1.0;
>>>
>>> require {
>>>    class dir search;
>>>    class fd use;
>>>    class fifo_file write;
>>>    class file { read write };
>>>    class netlink_route_socket create;
>>>    class unix_stream_socket { read write };
>>>    type apmd_log_t;
>>>    type cupsd_config_t;
>>>    type cupsd_t;
>>>    type dovecot_auth_t;
>>>    type dovecot_t;
>>>    type etc_mail_t;
>>>    type etc_runtime_t;
>>>    type hald_t;
>>>    type home_root_t;
>>>    type hostname_t;
>>>    type restorecon_t;
>>>    type semanage_t;
>>>    type unconfined_t;
>>>    type user_home_dir_t;
>>>    type usr_t;
>>>    type xdm_t;
>>>    role system_r;
>>> };
>>>
>>> allow cupsd_config_t apmd_log_t:file { read write };
>>> allow cupsd_t apmd_log_t:file { read write };
>>> allow dovecot_auth_t self:netlink_route_socket create;
>>> allow dovecot_t etc_runtime_t:file read;
>>> allow dovecot_t unconfined_t:fifo_file write;
>>> allow dovecot_t xdm_t:fd use;
>>> allow hald_t home_root_t:dir search;
>>> allow hostname_t etc_mail_t:file read;
>>> allow hostname_t unconfined_t:fifo_file write;
>>> allow hostname_t usr_t:file read;
>>> allow hostname_t xdm_t:fd use;
>>> allow restorecon_t xdm_t:fd use;
>>> allow semanage_t unconfined_t:unix_stream_socket { read write };
>>> allow semanage_t user_home_dir_t:dir search;
>>>
>>> When I try to load the module using "semodule -i local.pp"
>>>
>>> I get:
>>>
>>> libsepol.module_package_read_offsets: wrong magic number for module 
>>> package:  expected 4185718671, got 4185718669
>>> libsemanage.semanage_load_module: Error while reading from module 
>>> file /etc/selinux/targeted/modules/tmp/modules/toto.mod.
>>>
>>>       
>> Did you build a policy package correctly using the following commands:
>>
>> checkmodule -M -m local.te -o local.mod
>> semodule_package -m local.mod -o local.pp
>> semodule -i local.pp
>>
>>
>> It looks like you probably skipped the middle step.
>>
>>     
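
The two numbers in the libsepol error are file-type magics: 4185718671 is 0xf97cff8f (policy package) and 4185718669 is 0xf97cff8d (policy module). As an added example, not part of the original thread, these shell functions read the first four bytes of a file and report which kind it is, so a stray .mod can be identified before semodule reads it. The function names and sample files are constructed for illustration, and uncompressed files are assumed.

```shell
#!/bin/sh
# Added example: classify a SELinux binary by its leading magic number.
# Files store the magic as a 32-bit little-endian integer.

selinux_magic() {
    # Read four bytes as unsigned decimals so host endianness does not matter.
    set -- $(od -An -tu1 -N4 "$1")
    [ $# -eq 4 ] || { echo 0; return 0; }
    echo $(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
}

selinux_kind() {
    case "$(selinux_magic "$1")" in
        4185718671) echo "policy-package" ;;  # 0xf97cff8f: semodule_package output (.pp)
        4185718669) echo "policy-module" ;;   # 0xf97cff8d: checkmodule -m output (.mod)
        4185718668) echo "kernel-policy" ;;   # 0xf97cff8c: monolithic binary policy
        *)          echo "unknown" ;;
    esac
}

# Succeed only for a file that semodule -i can read as a package.
check_installable() {
    kind=$(selinux_kind "$1")
    [ "$kind" = "policy-package" ] && return 0
    echo "$1: $kind, not a policy package (semodule -i needs semodule_package output)" >&2
    return 1
}

# Constructed sample files: four magic bytes only, not real policy.
demo_dir=$(mktemp -d)
printf '\217\377\174\371' > "$demo_dir/local.pp"
printf '\215\377\174\371' > "$demo_dir/toto.mod"
for f in "$demo_dir"/*; do
    printf '%s: %s\n' "${f##*/}" "$(selinux_kind "$f")"
done
```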



