Strict policy on FC6 and F7

Wed Aug 8 21:43:47 UTC 2007

Authentication failed again:(
but meanwhile I have checked firefox on strict policy on FC7 it does not work.

--- shintaro_fujiwara <shin216 at xf7.so-net.ne.jp> wrote:

> 2007-08-08 (æ°´) ã® 13:32 -0700 ã« Hal ã•ã‚“ã¯æ›¸ãã¾ã—ãŸ:
> > Well
> > I manged to compile the module, but
> > it does not work for me. 
> > Compiled,loaded,set enforcing and: "authentication failed" again.
> > 
> > I do not know if I am stupid, but I can not get a long with this Selinux...
> 
> > 
> > Does this nodule work for you guys????
> > 
> > hal
> > 
> > --- "Christopher J. PeBenito" <cpebenito at tresys.com> wrote:
> > 
> > > On Wed, 2007-08-08 at 12:39 -0700, Hal wrote:
> > > > I have tryed with
> > > > logging_send_audit_msgs(local_login_t)
> > > > 
> > > > But still:
> > > > [root at localhost hal]# make -f /usr/share/selinux/devel/Makefile
> local.pp
> > > > Compiling strict local module
> > > > /usr/bin/checkmodule:  loading policy configuration from tmp/local.tmp
> > > > local.te:9:ERROR 'unknown class capability used in rule' at token ';'
> on
> > > line
> > > > 81105:
> > > > #line 9
> > > >         allow local_login_t self:capability audit_write;
> Because we did not write 
> 
> class capability { audit_write };
> 
> in require brace.
> 
> write it and try again.
> Did you make it?
> 
> 
> As a matter of fact, I have another problem on strict policy.
> I ended up breaking F7 altogether eliminating libselinux with --nodeps.
> Now I'm trying to upgrade FC6 to F7.
> You can upgrade FC6 to F7, if you are tired of your process on F7.
> Do not stop trying strict policy.Never surrender.
> It's rewarding, and SELinux guys will guide you to the right place.
> 
> 
> > > > /usr/bin/checkmodule:  error(s) encountered while parsing configuration
> > > > make: *** [tmp/local.mod] Error 1
> > > > 
> > > > I really have no idea what all this means.
> > > > there is nowhere "allow" in local.te. if it is in this macros at the
> end...
> > > > Do I need to install the policy source and edit it?
> > > 
> > > It is in the interface.  You need to change this:
> > > 
> > > > > > module local 1.0;
> > > 
> > > to this:
> > > 
> > > policy_module(local,1.0)
> > > 
> > > It will automatically require all of the kernel object classes.
> > > 
> > > -- 
> > > Chris PeBenito
> > > Tresys Technology, LLC
> > > (410) 290-1411 x150
> > > 
> > > 
> > 
> > 
> > 
> >      
>
____________________________________________________________________________________
> > Luggage? GPS? Comic books? 
> > Check out fitting gifts for grads at Yahoo! Search
> > http://search.yahoo.com/search?fr=oni_on_mail&p=graduation+gifts&cs=bz
> > 
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> 
> 

____________________________________________________________________________________
Sick sense of humor? Visit Yahoo! TV's 
Comedy with an Edge to see what's on, when. 
http://tv.yahoo.com/collections/222