postfix, procmail and SELinux - No Go
Stephen Smalley
sds at tycho.nsa.gov
Tue Jun 20 13:02:06 UTC 2006
On Tue, 2006-06-20 at 13:26 +0100, Paul Howarth wrote:
> Stephen Smalley wrote:
> > On Tue, 2006-06-20 at 08:08 +0100, Paul Howarth wrote:
> >> On Mon, 2006-06-19 at 15:34 -0500, Marc Schwartz (via MN) wrote:
> >>> Thanks Paul!
> >>>
> >>> OK, so the building goes OK, but now when I try to install the modules,
> >>> I get the following error:
> >>>
> >>> # /usr/sbin/semodule -i procmail.pp
> >>> libsepol.class_copy_callback: procmail: Modules may not yet declare new classes.
> >>> libsemanage.semanage_link_sandbox: Link packages failed
> >>> /usr/sbin/semodule: Failed!
> >>>
> >>>
> >>> This occurs with each of the 5 modules.
> >>>
> >>> Due to the recent change as well or is there something else that I need
> >>> to do before installing the new module(s)?
> >> Not sure what that is. Can you try rebuilding all of the modules?
> >>
> >> # rm *.pp
> >> # make
> >>
> >> Paul.
> >
> > Also make sure that your selinux-policy package is fully up-to-date.
> > The error message suggests that your modules are bringing in newer class
> > definitions (via policy_module) that aren't defined in your base.pp,
> > which means your base.pp is out of date.
>
> How could this happen if the modules are being built on the same system
> as they are being used on?
Good question - you are correct, that should only happen in the case
where they are built on a different system (with more up-to-date policy)
than the destination system.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list