Trouble with module
Joshua Brindle
jbrindle at tresys.com
Fri Oct 6 12:03:04 UTC 2006
Pierre JUHEN wrote:
> No, I didn't skip the middle step.
>
> I have turned around this problem for days, googleized a lot,
> I didn't find a clue.
>
> Why is semodule looking in an inexistent directory?
>
>
The directory is there when the operation fails. semodule copies
everything from modules/active to modules/tmp to operate on it, and when
it reads that file (toto.mod) it fails because it is a policy module and
not a policy package.
Try semodule -r toto
though I don't know how that file got there in the first place; semodule
should have never accepted it.
> I suspect a configuration problem, but where ?????
>
>
>> Message of 06/10/06 04:28
>> From: "Joshua Brindle" <method at gentoo.org>
>> To: "Pierre JUHEN" <pierre.juhen at wanadoo.fr>
>> Cc: fedora-selinux-list at redhat.com
>> Subject: Re: Trouble with module
>>
>> Pierre JUHEN wrote:
>>
>>> To correct error messages appearing in the audit.log, I ran the
>>> procedure described in the audit2allow manual page.
>>>
>>> Here is the .te file :
>>>
>>> module local 1.0;
>>>
>>> require {
>>> class dir search;
>>> class fd use;
>>> class fifo_file write;
>>> class file { read write };
>>> class netlink_route_socket create;
>>> class unix_stream_socket { read write };
>>> type apmd_log_t;
>>> type cupsd_config_t;
>>> type cupsd_t;
>>> type dovecot_auth_t;
>>> type dovecot_t;
>>> type etc_mail_t;
>>> type etc_runtime_t;
>>> type hald_t;
>>> type home_root_t;
>>> type hostname_t;
>>> type restorecon_t;
>>> type semanage_t;
>>> type unconfined_t;
>>> type user_home_dir_t;
>>> type usr_t;
>>> type xdm_t;
>>> role system_r;
>>> };
>>>
>>> allow cupsd_config_t apmd_log_t:file { read write };
>>> allow cupsd_t apmd_log_t:file { read write };
>>> allow dovecot_auth_t self:netlink_route_socket create;
>>> allow dovecot_t etc_runtime_t:file read;
>>> allow dovecot_t unconfined_t:fifo_file write;
>>> allow dovecot_t xdm_t:fd use;
>>> allow hald_t home_root_t:dir search;
>>> allow hostname_t etc_mail_t:file read;
>>> allow hostname_t unconfined_t:fifo_file write;
>>> allow hostname_t usr_t:file read;
>>> allow hostname_t xdm_t:fd use;
>>> allow restorecon_t xdm_t:fd use;
>>> allow semanage_t unconfined_t:unix_stream_socket { read write };
>>> allow semanage_t user_home_dir_t:dir search;
>>>
>>> When I try to load the module using "semodule -i local.pp"
>>>
>>> I get:
>>>
>>> libsepol.module_package_read_offsets: wrong magic number for module
>>> package: expected 4185718671, got 4185718669
>>> libsemanage.semanage_load_module: Error while reading from module file
>>> /etc/selinux/targeted/modules/tmp/modules/toto.mod.
>>>
>>>
>> did you build a policy package correctly using the following commands:
>>
>> checkmodule -M -m local.te -o local.mod
>> semodule_package -m local.mod -o local.pp
>> semodule -i local.pp
>>
>>
>> it looks like you probably skipped the middle step..
>>
>>
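
The two numbers in the libsepol error quoted above are file magic values: 4185718671 is what a policy package (.pp) starts with, and 4185718669 is what the rejected toto.mod started with, which the reply identifies as a policy module. The following shell script is an added example, not part of the original thread: it classifies files by that magic, assuming the value is stored as a little-endian 32-bit integer at offset 0, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): tell policy packages from bare policy modules.
# The decimal values are the ones printed in the libsepol error quoted in the thread.
PKG_MAGIC=4185718671   # "expected": policy package (.pp, output of semodule_package)
MOD_MAGIC=4185718669   # "got": policy module (.mod, output of checkmodule -M -m)

# read_magic FILE: print the first four bytes as an unsigned integer.
# Assumption: the magic is stored little-endian. Fails on short or unreadable files.
read_magic() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    # od prints the four bytes in decimal; set -- splits them into $1..$4
    set -- $(od -An -tu1 -N4 < "$1")
    [ "$#" -eq 4 ] || return 1
    echo $(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
}

# classify FILE: print package, module, unknown or unreadable.
classify() {
    magic=$(read_magic "$1") || { echo unreadable; return 0; }
    case "$magic" in
        "$PKG_MAGIC") echo package ;;
        "$MOD_MAGIC") echo module ;;
        *)            echo unknown ;;
    esac
}

# find_bare_modules DIR: list files in DIR that are bare policy modules,
# the kind of file libsemanage failed to read (toto.mod in the thread).
find_bare_modules() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        [ "$(classify "$f")" = module ] && echo "$f"
    done
    return 0
}

# Stand-alone use: classify every file named on the command line,
# for example local.mod and local.pp before running semodule -i.
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(classify "$f")"
done
```

A file reported as `module` still needs the `semodule_package` step before `semodule -i` will accept it.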