Running a script from Samba

Daniel J Walsh dwalsh at redhat.com
Wed Aug 13 19:16:17 UTC 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Aleksander Adamowski wrote:
> Aleksander Adamowski wrote:
>>
>> I've figured out that indeed my unloading of unconfined.pp was causing
>> the problem with loading the base policy. However, copying
>> /usr/share/selinux/targeted/unconfined.pp manually to
>> /etc/selinux/targeted/modules/active/modules has allowed me to load
>> the new base.pp.
> The problem with the solution is that now I cannot "semodule -r
> unconfined" like Dan has advised for Fedora 8.
> On Fedora 9 this results in this error:
> 
> # semodule -r unconfined
> libsepol.context_from_record: type samba_unconfined_script_exec_t is not
> defined
> libsepol.context_from_record: could not create context structure
> libsepol.context_from_string: could not create context structure
> libsepol.sepol_context_to_sid: could not convert
> system_u:object_r:samba_unconfined_script_exec_t:s0 to sid
> invalid context system_u:object_r:samba_unconfined_script_exec_t:s0
> 
> Has the procedure of removing the "unconfined" module been superseded by
> something else in Fedora 9?
> 
> BTW, this is probably a question to Dan: is there any single place with
> documentation about all the changes in the SELinux policy and procedures
> relating to its customisation between Fedora releases? There is no such
> information in Fedora's release notes (where any sane being would look
> for them first).
> 
> Currently with each Fedora Release there are numerous changes that break
> backward compatibility and significantly change the customisation
> procedures. However, I were able to find information about them only by
> scraping them from all around the web - from interviews with Dan Walsh,
> his LiveJournal blog, some random mailing list discussions,
> half-finished Fedora Wiki pages and so on. Am I missing something?
> Is there a place where comprehensive documentation for all this lies?
> 
> 
I am fixing this in policy so you can remove the unconfined_domain.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkijMwEACgkQrlYvE4MpobNNGACfUJzZWk6p8yNz7FmoJX48fWOa
DK4AoIO3MV4oZUjiCgAV8P17DqKOjuzh
=22eQ
-----END PGP SIGNATURE-----

More information about the fedora-selinux-list mailing list