checkpolicy bombing on Fedora devel...
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Tue Sep 20 21:16:25 UTC 2005
On Tue, 20 Sep 2005 16:41:26 EDT, Stephen Smalley said:
> >From the info above, you have an id "s0" that is a sensitivity rather
> than a category, so the hashtab_search fails, but that code path fails
> to check for such failure and thus crashes rather than reporting it.
> Try the patch below.
OK.. No crash, something resembling a useful diagnostic. Probably want
to keep the patch....
(gdb) run -M -o policy.20 policy.conf
Starting program: /usr/src/redhat/BUILD/checkpolicy-1.27.1/checkpolicy -M -o policy.20 policy.conf
Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0xffffe000
/usr/src/redhat/BUILD/checkpolicy-1.27.1/checkpolicy: loading policy configuration from policy.conf
initial_sid_contexts:9:ERROR 'unknown category s0' at token 'sid' on line 428578:
sid security system_u:object_r:security_t:s0:s0
sid kernel system_u:system_r:kernel_t:s0:s0
/usr/src/redhat/BUILD/checkpolicy-1.27.1/checkpolicy: error(s) encountered while parsing configuration
"D'oh!" -- H. Simpson
After fixing initial_sid_contexts by hand, I got:
fs_use:8:ERROR 'unknown category s0' at token ';' on line 428624:
fs_use_xattr ext2 system_u:object_r:fs_t:s0:s0;
# Requires that a security xattr handler exist for the filesystem.
I think I trashed it by running 'make mcsconvert' (possibly twice) trying to
deal with the fact that my 'users' file didn't have :s0 type stuff in it....
Ended up doing an 'rpm -e selinux-policy-strict-sources' and then re-installing
it, all looks OK now.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20050920/1e7cc46c/attachment.sig>
More information about the fedora-selinux-list
mailing list