[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: failed to customize policy, SELinux won't let me
- From: Florin Andrei <florin andrei myip org>
- To: fedora-selinux-list redhat com
- Subject: Re: failed to customize policy, SELinux won't let me
- Date: Wed, 03 May 2006 10:05:53 -0700
On Wed, 2006-05-03 at 13:04 -0400, Stephen Smalley wrote:
> Yes, I noticed this as well - semanage/semodule policy doesn't appear to
> allow it to take input from user home directories presently. Nice from
> an integrity point of view (don't take untrustworthy inputs), but likely
> not workable for every day usage.
Still not working:
[root stantz custom]# pwd
/etc/selinux/custom
[root stantz custom]# ls -Z
-rw-r--r-- root root user_u:object_r:selinux_config_t local.fc
-rw-r--r-- root root user_u:object_r:selinux_config_t local.if
-rw-r--r-- root root user_u:object_r:selinux_config_t local.pp
-rw-r--r-- root root user_u:object_r:selinux_config_t local.te
drwxr-xr-x root root user_u:object_r:selinux_config_t tmp
[root stantz custom]# semodule -i local.pp
libsemanage.semanage_commit_sandbox: Error while
renaming /etc/selinux/targeted/modules/active
to /etc/selinux/targeted/modules/previous.
semodule: Failed!
[root stantz custom]# tail -n 1 /var/log/messages
May 3 10:02:51 stantz kernel: audit(1146675771.487:308): avc: denied
{ rename } for pid=3845 comm="semodule" name="active" dev=hda4
ino=2319743 scontext=user_u:system_r:semanage_t:s0
tcontext=user_u:object_r:selinux_config_t:s0 tclass=dir
:-(
--
Florin Andrei
http://florin.myip.org/
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]