How to apply new policy exactly?

Benjamin Tsai benjamin.tsai at intervideo.com
Mon Sep 11 11:08:20 UTC 2006 

Dear all:

 

           I've downloaded refpolicy source from tresys's website and
tried to install it on my FC5 box. 

           However, there're some problems I'm not able to fix it so
far. According to online documents, I first setenforce 0.

           In build.conf I enabled DISTRO=redhat, then make install-src
under /etc/selinux/refpolicy

make conf; make policy; make install; make load under
/etc/selinux/refpolicy/src/policy

1.       While executing make load, it replied that policy file argument
policy.20 is no longer supported, The next line showed "continue..."

I was so confused here that it looked like refpolicy is not loaded yet.
So how do I feed it a "supported policy file"?

2.       Besides, is there any way I can check if the policy is loaded?
My guess is sestatus.

3.       If I neglected the "loading-policy-thing" and make relabel
directly, then I'll got 

 

Relabeling filesystem types: ext2 ext3 xfs jfs

/usr/sbin/setfiles /etc/selinux/refpolicy/contexts/files/file_contexts /
/boot

/etc/selinux/refpolicy/contexts/files/file_contexts:  line 79 has
invalid context system_u:object_r:quota_db_t

/etc/selinux/refpolicy/contexts/files/file_contexts:  line 121 has
invalid context system_u:object_r:svc_svc_t

/etc/selinux/refpolicy/contexts/files/file_contexts:  line 139 has
invalid context system_u:object_r:ipsec_exec_t

/etc/selinux/refpolicy/contexts/files/file_contexts:  line 147 has
invalid context system_u:object_r:ipsec_exec_t

/etc/selinux/refpolicy/contexts/files/file_contexts:  line 153 has
invalid context system_u:object_r:ipsec_exec_t

/etc/selinux/refpolicy/contexts/files/file_contexts:  line 189 has
invalid context system_u:object_r:ipsec_mgmt_exec_t

/etc/selinux/refpolicy/contexts/files/file_contexts:  line 213 has
invalid context system_u:object_r:ipsec_mgmt_exec_t

/etc/selinux/refpolicy/contexts/files/file_contexts:  line 214 has
invalid context system_u:object_r:ipsec_exec_t

/etc/selinux/refpolicy/contexts/files/file_contexts:  line 245 has
invalid context system_u:object_r:portage_exec_t

Exiting after 10 errors.

make: *** [relabel] Error 1

 

           Though, I believe this error comes after the unmatched
running policy.

Please give me some instructions to fix up problems listed above. Thank
you guys :-)

 

Best Regards,

Benjamin Tsai

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20060911/da1bbe58/attachment.htm>

More information about the fedora-selinux-list mailing list