
Re: SELinux Module Packaging in FC5



Stephen Smalley wrote:
> On Tue, 2006-05-16 at 16:56 +0100, Paul Howarth wrote:
>> Next problem:
>>
>> I built and tested the package on one system, which was fully up to date. Worked fine. Then tried installing the package on another system that was running an older kernel and had older libsepol and selinux-policy-targeted packages. The result was:
>>
>> # rpm -Uvh contagged-0.3-2.noarch.rpm
>> Preparing... ########################################### [100%]
>> 1:contagged warning: /etc/httpd/conf.d/contagged.conf created as /etc/httpd/conf.d/contagged.conf.rpmnew
>> ########################################### [100%]
>> libsepol.class_copy_callback: contagged: Modules may not yet declare new classes.
>> libsemanage.semanage_link_sandbox: Link packages failed
>> /usr/sbin/semodule:  Failed!
>> # rpm -q selinux-policy-targeted libsepol libsemanage
>> selinux-policy-targeted-2.2.34-3.fc5
>> libsepol-1.12.4-1.fc5
>> libsemanage-1.6.2-2.fc5
>>
>> After doing a "yum update" on this system, the package installed cleanly.
>>
>> Is this a result of the required feature being missing from one of these (or some other) packages, or is a compiled .pp module compatible only with the specific version of something it was built against?
>
> I'm confused - I thought you said that the policy package only contained
> a file contexts section, not a policy module.  Was there a policy
> module?  If so, what was the source?  The above looks like a bug to me.

It contains a policy module, but the module only includes file contexts.

The .if file is empty.

The .te file is just:
---------------------------------------------------------------------
# It's currently only necessary to set file contexts for the cache directory
# in this policy, but doing it in a module is easier from a package maintenance
# point of view than using semanage and chcon in scriptlets

policy_module(contagged, 0.1)

########################################
#
# Declarations
#

# (none needed)


########################################
#
# Local policy
#


# (none needed)
---------------------------------------------------------------------

The .fc file is:
---------------------------------------------------------------------
/var/cache/contagged(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
---------------------------------------------------------------------

The module was built on a system with:
$ rpm -q selinux-policy-targeted libsepol libsemanage
selinux-policy-targeted-2.2.38-1.fc5
libsepol-1.12.6-1.fc5
libsemanage-1.6.2-2.fc5

The error occurred when the package was installed on a system with:
$ rpm -q selinux-policy-targeted libsepol libsemanage
selinux-policy-targeted-2.2.34-3.fc5
libsepol-1.12.4-1.fc5
libsemanage-1.6.2-2.fc5

Paul.
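
Added example, not part of Paul's message: a small shell check that compares the `rpm -q` output of the build host with that of the install host and lists the packages that are older on the install host. The names skew, build_host and install_host are hypothetical, the version comparison is a simplified approximation of RPM ordering, and the two listings are the ones quoted in the message above. It reports version skew only; it does not establish whether the skew caused the semodule failure.

```sh
#!/bin/sh
# Added example: list packages that are older on the install host than on the
# build host. skew(), build_host and install_host are hypothetical names.

# skew BUILD_LIST INSTALL_LIST  (each argument: newline-separated `rpm -q` output)
skew() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
    # Simplified version ordering: split on "." and "-", compare numeric parts
    # as numbers and the rest as strings. An approximation of RPM ordering
    # (no epochs, no tilde handling).
    function vercmp(a, b,    x, y, n, m, i) {
        n = split(a, x, /[.-]/); m = split(b, y, /[.-]/)
        for (i = 1; i <= n || i <= m; i++) {
            if (x[i] ~ /^[0-9]+$/ && y[i] ~ /^[0-9]+$/) {
                if (x[i] + 0 < y[i] + 0) return -1
                if (x[i] + 0 > y[i] + 0) return 1
            } else if ((x[i] "") < (y[i] "")) return -1
            else if ((x[i] "") > (y[i] "")) return 1
        }
        return 0
    }
    /^---$/ { install = 1; next }   # separator between the two listings
    NF == 0 { next }
    {
        # name-version-release: the last two "-" fields are version and release
        n = split($0, p, "-")
        if (n < 3) next
        vr = p[n-1] "-" p[n]
        name = substr($0, 1, length($0) - length(vr) - 1)
        if (!install) { built[name] = vr; next }
        if ((name in built) && vercmp(vr, built[name]) < 0)
            printf "%s: install host %s < build host %s\n", name, vr, built[name]
    }'
}

# Listings copied from the message above.
build_host='selinux-policy-targeted-2.2.38-1.fc5
libsepol-1.12.6-1.fc5
libsemanage-1.6.2-2.fc5'
install_host='selinux-policy-targeted-2.2.34-3.fc5
libsepol-1.12.4-1.fc5
libsemanage-1.6.2-2.fc5'

skew "$build_host" "$install_host"
```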

