Running a script from Samba

Aleksander Adamowski aleksander.adamowski.fedora at altkom.pl
Mon Aug 11 11:58:40 UTC 2008 

Aleksander Adamowski wrote:
>
> Hi!
>
> I have a problem with this type on Fedora 9 (upgraded from Fedora 8).
>
> I'm trying to rebuild the policy and recompile my custom modules for 
> policy version 3.3, but when I try to replace the base policy I get 
> the error that this type is not defined:
>
> # semodule -b /usr/share/selinux/targeted/base.pp
> libsepol.context_from_record: type samba_unconfined_script_exec_t is 
> not defined
> libsepol.context_from_record: could not create context structure
> libsepol.context_from_string: could not create context structure
> libsepol.sepol_context_to_sid: could not convert 
> system_u:object_r:samba_unconfined_script_exec_t:s0 to sid
> invalid context system_u:object_r:samba_unconfined_script_exec_t:s0
> libsemanage.semanage_install_active: setfiles returned error code 1.
> semodule:  Failed!
>
> I've removed all my custom modules; my file_contexts.local contains 
> only one entry that concerns stunnel:
> /usr/bin/stunnel -- system_u:object_r:stunnel_exec_t:s0
>
> I also have the unconfined.pp module unloaded (when it was Fedora 8). 
> But when I try to load it back on Fedora 9, I get this error:
>
> # semodule -i /usr/share/selinux/targeted/unconfined.pp
> libsepol.permission_copy_callback: Module unconfined depends on 
> permission forward_out in class packet, not satisfied
> libsemanage.semanage_link_sandbox: Link packages failed
> semodule:  Failed!
>
> Which is probably (I think) due to the old base.pp being still used 
> because I cannot install the new one because of this problem with 
> Samba script type.
>
> Could you suggest a path for getting out of this situation?
>

I've figured out that indeed my unloading of unconfined.pp was causing 
the problem with loading the base policy. However, copying 
/usr/share/selinux/targeted/unconfined.pp manually to 
/etc/selinux/targeted/modules/active/modules has allowed me to load the 
new base.pp.


-- 
Best Regards,
    Aleksander Adamowski
        GG#: 274614
        ICQ UIN: 19780575 
	http://olo.org.pl

More information about the fedora-selinux-list mailing list