semodule: Failed!

Dominick Grift domg472 at gmail.com
Tue Nov 10 13:51:49 UTC 2009


On Mon, 2009-11-09 at 15:27 -0800, John Oliver wrote:
> [root at mda-services4 ~]# grep nagios /var/log/audit/audit.log |
> audit2allow
> 
> 
> #============= nagios_t ==============
> allow nagios_t var_t:dir read;
> [root at mda-services4 ~]# grep nagios /var/log/audit/audit.log |
> audit2allow -M nagios
> ******************** IMPORTANT ***********************
> To make this policy package active, execute:
> 
> semodule -i nagios.pp
> 
> [root at mda-services4 ~]# semodule -i nagios.pp
> libsepol.print_missing_requirements: nagios's global requirements were
> not met: type/attribute nagios_t
> libsemanage.semanage_link_sandbox: Link packages failed
> semodule:  Failed!
> 
> 
> 
> What on Earth does that mean???
> 
It means you (probably) did something that is not so smart:

My guess is that you have overwritten the distributed nagios module.

I think that, because you show me this:

semodule -i nagios.pp

And I assume you have probably done that before.

The problem is that you are trying to install (and have been installing)
a custom module with the same name as a distributed module:

[root at notebook3 admin]# semodule -l | grep nagios
nagios  1.8.0

In simple human language:

You have overwritten the nagios module that came with your distribution
with a custom nagios module.

To undo this, either for an update of selinux-policy and selinux-policy
(this should overwrite your custom nagios module with the one that comes
with your distribution) or you can just install the distribution nagios
modules from: 

[root at notebook3 admin]# ls /usr/share/selinux/targeted | grep nagios
nagios.pp.bz2


The lesson to be learned from this experience is:

If you decide to install a custom module; then make sure that you give
it a unique name (for example: grep nagios /var/log/audit/audit.log |
audit2allow -M mynagios; semodule -i mynagios.pp)

Because if there is already a module installed by that name you will
overwrite it.
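
A pre-install name check for the lesson above, as an added example that is not part of the original post: it picks a module name that is neither in the `semodule -l` listing nor shipped in the distribution policy directory. The function names and the sample listing are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: choose a custom SELinux module name that cannot overwrite
# an installed or distribution-shipped module. All names are hypothetical.

# module_installed NAME
# Reads `semodule -l` output on stdin (first column is the module name) and
# succeeds only on an exact match, unlike `grep nagios`, which also matches
# substrings such as "mynagios".
module_installed() {
    awk -v name="$1" '$1 == name { hit = 1 } END { exit hit ? 0 : 1 }'
}

# module_shipped NAME DIR
# Succeeds if DIR (e.g. /usr/share/selinux/targeted) holds NAME.pp or NAME.pp.bz2.
module_shipped() {
    [ -e "$2/$1.pp" ] || [ -e "$2/$1.pp.bz2" ]
}

# safe_module_name BASE LISTING DIR
# Prints BASE if it is free, otherwise the first free of myBASE, myBASE2, ...
safe_module_name() {
    base=$1
    listing=$2
    dir=$3
    candidate=$base
    n=1
    while printf '%s\n' "$listing" | module_installed "$candidate" ||
          module_shipped "$candidate" "$dir"; do
        if [ "$n" -eq 1 ]; then candidate="my$base"; else candidate="my$base$n"; fi
        n=$((n + 1))
    done
    printf '%s\n' "$candidate"
}

# Constructed sample of `semodule -l` output, so the functions run offline.
SAMPLE_LISTING='mozilla 2.1.0
nagios  1.8.0
mynagios 1.0
nfs 1.2.3'

# On a real system (commands as used in the thread):
#   name=$(safe_module_name nagios "$(semodule -l)" /usr/share/selinux/targeted)
#   grep nagios /var/log/audit/audit.log | audit2allow -M "$name" && semodule -i "$name.pp"
```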





