[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: rawhide selinux-policy-strict whoopsage...
- From: Stephen Smalley <sds tycho nsa gov>
- To: Valdis Kletnieks vt edu
- Cc: Daniel J Walsh <dwalsh redhat com>, fedora-selinux-list redhat com
- Subject: Re: rawhide selinux-policy-strict whoopsage...
- Date: Wed, 01 Feb 2006 14:39:37 -0500
On Thu, 2006-01-26 at 13:02 -0500, Valdis Kletnieks vt edu wrote:
> Ran yum, it tried to install selinux-policy-strict-2.2.5-1 and died a horrid death:
>
>
> Updating : selinux-policy-strict ####################### [13/24]
> libsepol.verify_module_requirements: Module acct's global requirements were not met: type/attribute sysadm_home_dir_t
> libsemanage.semanage_link_sandbox: Link packages failed
> semodule: Failed!
> libsepol.verify_module_requirements: Module alsa's global requirements were not met: type/attribute devlog_t
> libsemanage.semanage_link_sandbox: Link packages failed
> semodule: Failed!
> libsepol.verify_module_requirements: Module amanda's global requirements were not met: type/attribute sysadm_home_dir_t
> libsemanage.semanage_link_sandbox: Link packages failed
> semodule: Failed!
> .... (skipping scads of similar errors..)
> libsepol.verify_module_requirements: Module xserver's global requirements were not met: type/attribute logfile
> libsemanage.semanage_link_sandbox: Link packages failed
> semodule: Failed!
> libsepol.verify_module_requirements: Module zebra's global requirements were not met: type/attribute direct_init
> libsemanage.semanage_link_sandbox: Link packages failed
> semodule: Failed!
>
> Running strict/permissive. Any suggestions?
Looks like the .spec file needs to install all of the modules as a
single transaction to deal with mutually dependent modules. Or, it
could install them layer-by-layer. Unfortunately, current semodule
usage requires you to generate the list of all the modules, then prefix
them all with -i options, then pass that entire string as the
commandline to semodule. Something like:
# Location where modules are installed from policy package
cd /usr/share/selinux/strict
# Generate semodule command line with all non-base modules
ls *.pp | sed -e "/base.pp/d" -e "/enableaudit.pp/d" -e "i-i " | tr "\n" " " > out
# Run semodule
semodule -v `cat out`
--
Stephen Smalley
National Security Agency
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]