On 06/20/2011 07:27 PM, Mr Dash Four wrote:
>> See if you can use sesearch/seinfo to search for the access that the
>> kernel is not using.
>>
> Right, thanks, I'll do that!
> sesearch did *not* work - I've had a fatal error (something about
> "invalid dom used" or something) - that was simply because I was using
> the old version of setools (the one coming with FC13). I then thought,
> rather naively as it turned out, that I would be able to recompile the
> setools set of packages as easily as I did the rest during the weekend.
> How wrong was I!
>
> I've spent about 5 hours applying the most dirty and hideous hacks I
> haven't used since my university days, but in the end *all* setools
> packages were forced into submission and asked, not-so-politely, to use
> and link to python3 instead of the version I have on my FC13 system
> (2.6.4), thus bypassing the python 2.7 requirement for compilation and
> build.
>
> After I installed the relevant setools-* packages, I executed sesearch
> again. It ran OK this time, but returned no matches - unsurprising,
> given that the kernel was complaining of lack of these in the policy.
>
> Then I decided to recompile the policy again - from source - and during
> the build I realised the cause of these kernel errors: I installed my
> libsemanage packages *after* I had built and installed the new SELinux
> policy, which means that the selinux-policy-* packages were built and
> installed using my old libsemanage packages (the one coming with FC13).
>
> I also remembered that I had a weird error when I tried to install
> selinux-policy-targeted (something about
> libsemanage.semanage_link_sandbox: Link packages failed - No such file
> or directory), though I did not pay attention to it at the time as the
> package was installed "correctly".
>
> When I recompiled and installed the policy again (though I had to bump
> the version number from 26 to 27 to prevent rpm screaming at me) using
> the new version of all conceivable SELinux packages, bar the gui ones,
> all went well, during installation of selinux-policy-targeted I even had
> my system relabelled (that was missing with the previous run - probably
> because of the error I've got) and at the end everything was completed
> without any errors.
>
> When I subsequently rebooted and checked my syslog again - the kernel
> errors were gone! Problem solved!
>
> Now I have the rather unpleasant task of upgrading my own customised
> policy from the FC13 to FC15 version. Are there any changes from FC13 to
> FC15 in terms of the language syntax or anything else I need to be aware
> of before I start?

Not that I recall. F16 will add new stuff.