Trouble with module

Pierre JUHEN pierre.juhen at wanadoo.fr
Fri Oct 6 18:55:51 UTC 2006


 I did semodule -r toto :

libsepol.module_package_read_offsets: wrong magic number for module 
package:  expected 4185718671, got 4185718669
libsemanage.semanage_load_module: Error while reading from module file 
/etc/selinux/targeted/modules/tmp/modules/toto.mod.
semodule:  Failed!

semodule -r local

libsemanage.semanage_direct_remove: Module local was not found.
semodule:  Failed on local!

[root@pierre ~]# ls -lZ /etc/selinux/targeted/modules/active/modules
-rw-r--r--  root root root:object_r:semanage_store_t   toto.mod
-rw-r--r--  root root root:object_r:semanage_store_t   toto.pp
-rw-r--r--  root root system_u:object_r:semanage_store_t toto.te

I don't understand.

Thank you for your help.




Joshua Brindle wrote:
> Pierre JUHEN wrote:
>> No, I didn't skip the middle step.
>>
>> I have turned around this problem for days, googleized a lot,
>> I didn't find a clue.
>>
>> Why is semodule looking in a nonexistent directory ?
>>
>>   
> the directory is there when the operation fails. semodule copies 
> everything from modules/active to modules/tmp to operate on it and 
> when it reads that file (toto.mod) it fails because it is a policy 
> module and not a policy package.
>
> try semodule -r toto
>
> though I don't know how that file got there in the first place, 
> semodule should have never accepted it
>> I suspect a configuration problem, but where ?????
>>
>>  
>>> Message of 06/10/06 04:28
>>> From: "Joshua Brindle" <method at gentoo.org>
>>> To: "Pierre JUHEN" <pierre.juhen at wanadoo.fr>
>>> Cc: fedora-selinux-list at redhat.com
>>> Subject: Re: Trouble with module
>>>
>>> Pierre JUHEN wrote:
>>>    
>>>> To correct error messages appearing in the audit.log, I ran the 
>>>> procedure described in the audit2allow manual page.
>>>>
>>>> Here is the .te file :
>>>>
>>>> module local 1.0;
>>>>
>>>> require {
>>>>    class dir search;
>>>>    class fd use;
>>>>    class fifo_file write;
>>>>    class file { read write };
>>>>    class netlink_route_socket create;
>>>>    class unix_stream_socket { read write };
>>>>    type apmd_log_t;
>>>>    type cupsd_config_t;
>>>>    type cupsd_t;
>>>>    type dovecot_auth_t;
>>>>    type dovecot_t;
>>>>    type etc_mail_t;
>>>>    type etc_runtime_t;
>>>>    type hald_t;
>>>>    type home_root_t;
>>>>    type hostname_t;
>>>>    type restorecon_t;
>>>>    type semanage_t;
>>>>    type unconfined_t;
>>>>    type user_home_dir_t;
>>>>    type usr_t;
>>>>    type xdm_t;
>>>>    role system_r;
>>>> };
>>>>
>>>> allow cupsd_config_t apmd_log_t:file { read write };
>>>> allow cupsd_t apmd_log_t:file { read write };
>>>> allow dovecot_auth_t self:netlink_route_socket create;
>>>> allow dovecot_t etc_runtime_t:file read;
>>>> allow dovecot_t unconfined_t:fifo_file write;
>>>> allow dovecot_t xdm_t:fd use;
>>>> allow hald_t home_root_t:dir search;
>>>> allow hostname_t etc_mail_t:file read;
>>>> allow hostname_t unconfined_t:fifo_file write;
>>>> allow hostname_t usr_t:file read;
>>>> allow hostname_t xdm_t:fd use;
>>>> allow restorecon_t xdm_t:fd use;
>>>> allow semanage_t unconfined_t:unix_stream_socket { read write };
>>>> allow semanage_t user_home_dir_t:dir search;
>>>>
>>>> When I try to load the module using "semodule -i local.pp"
>>>>
>>>> I get:
>>>>
>>>> libsepol.module_package_read_offsets: wrong magic number for module 
>>>> package:  expected 4185718671, got 4185718669
>>>> libsemanage.semanage_load_module: Error while reading from module 
>>>> file /etc/selinux/targeted/modules/tmp/modules/toto.mod.
>>>>
>>>>       
>>> did you build a policy package correctly using the following commands:
>>>
>>> checkmodule -M -m local.te -o local.mod
>>> semodule_package -m local.mod -o local.pp
>>> semodule -i local.pp
>>>
>>>
>>> it looks like you probably skipped the middle step..
>>>
>>>     
>
>
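
Added example, not part of the original thread: a Python check that reads the 4-byte magic at the start of each file in a module store directory and reports which files are policy packages and which are bare policy modules. The two magic values are the decimal numbers from the error message above; the little-endian byte order, the function names and the sample files are assumptions made for this example.

```python
import struct
import sys
import tempfile
from pathlib import Path

# Decimal values copied from the libsepol error message in this thread.
PACKAGE_MAGIC = 4185718671  # 0xf97cff8f, what semodule expected (policy package)
MODULE_MAGIC = 4185718669   # 0xf97cff8d, what it got (policy module)


def classify(path):
    """Return 'package', 'module', 'too-short' or 'other' from the first 4 bytes."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    if len(head) < 4:
        return "too-short"
    # Assumption: the magic is stored as a little-endian 32-bit integer.
    (magic,) = struct.unpack("<I", head)
    if magic == PACKAGE_MAGIC:
        return "package"
    if magic == MODULE_MAGIC:
        return "module"
    return "other"


def audit_store(directory):
    """Map every regular file in a module store directory to its kind."""
    files = sorted(p for p in Path(directory).iterdir() if p.is_file())
    return {p.name: classify(p) for p in files}


def bare_modules(directory):
    """Names of files that are policy modules, i.e. checkmodule output
    that was never wrapped by semodule_package."""
    return [n for n, kind in audit_store(directory).items() if kind == "module"]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]
    else:
        # Constructed sample store mirroring the file names in the listing above.
        target = tempfile.mkdtemp()
        Path(target, "toto.mod").write_bytes(struct.pack("<I", MODULE_MAGIC))
        Path(target, "toto.pp").write_bytes(struct.pack("<I", PACKAGE_MAGIC))
        Path(target, "toto.te").write_text("module local 1.0;\n")
    for name, kind in audit_store(target).items():
        print(f"{kind:10} {name}")
```

Run with a directory argument to audit a real store, or with no argument to see the result on the constructed sample.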