Strict policy on FC6 and F7
Hal
hal_bg at yahoo.com
Wed Aug 8 21:43:47 UTC 2007
Authentication failed again:(
but meanwhile I have checked firefox on strict policy on FC7 it does not work.
--- shintaro_fujiwara <shin216 at xf7.so-net.ne.jp> wrote:
> 2007-08-08 (æ°´) ã® 13:32 -0700 ã« Hal ããã¯æ¸ãã¾ãã:
> > Well
> > I manged to compile the module, but
> > it does not work for me.
> > Compiled,loaded,set enforcing and: "authentication failed" again.
> >
> > I do not know if I am stupid, but I can not get a long with this Selinux...
>
> >
> > Does this nodule work for you guys????
> >
> > hal
> >
> > --- "Christopher J. PeBenito" <cpebenito at tresys.com> wrote:
> >
> > > On Wed, 2007-08-08 at 12:39 -0700, Hal wrote:
> > > > I have tryed with
> > > > logging_send_audit_msgs(local_login_t)
> > > >
> > > > But still:
> > > > [root at localhost hal]# make -f /usr/share/selinux/devel/Makefile
> local.pp
> > > > Compiling strict local module
> > > > /usr/bin/checkmodule: loading policy configuration from tmp/local.tmp
> > > > local.te:9:ERROR 'unknown class capability used in rule' at token ';'
> on
> > > line
> > > > 81105:
> > > > #line 9
> > > > allow local_login_t self:capability audit_write;
> Because we did not write
>
> class capability { audit_write };
>
> in require brace.
>
> write it and try again.
> Did you make it?
>
>
> As a matter of fact, I have another problem on strict policy.
> I ended up breaking F7 altogether eliminating libselinux with --nodeps.
> Now I'm trying to upgrade FC6 to F7.
> You can upgrade FC6 to F7, if you are tired of your process on F7.
> Do not stop trying strict policy.Never surrender.
> It's rewarding, and SELinux guys will guide you to the right place.
>
>
> > > > /usr/bin/checkmodule: error(s) encountered while parsing configuration
> > > > make: *** [tmp/local.mod] Error 1
> > > >
> > > > I really have no idea what all this means.
> > > > there is nowhere "allow" in local.te. if it is in this macros at the
> end...
> > > > Do I need to install the policy source and edit it?
> > >
> > > It is in the interface. You need to change this:
> > >
> > > > > > module local 1.0;
> > >
> > > to this:
> > >
> > > policy_module(local,1.0)
> > >
> > > It will automatically require all of the kernel object classes.
> > >
> > > --
> > > Chris PeBenito
> > > Tresys Technology, LLC
> > > (410) 290-1411 x150
> > >
> > >
> >
> >
> >
> >
>
____________________________________________________________________________________
> > Luggage? GPS? Comic books?
> > Check out fitting gifts for grads at Yahoo! Search
> > http://search.yahoo.com/search?fr=oni_on_mail&p=graduation+gifts&cs=bz
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>
____________________________________________________________________________________
Sick sense of humor? Visit Yahoo! TV's
Comedy with an Edge to see what's on, when.
http://tv.yahoo.com/collections/222
More information about the fedora-selinux-list
mailing list