Trouble with module

Joshua Brindle jbrindle at tresys.com
Fri Oct 6 18:59:27 UTC 2006


On Fri, 2006-10-06 at 20:55 +0200, Pierre JUHEN wrote:
>  I did semodule -r toto :
> 
> libsepol.module_package_read_offsets: wrong magic number for module 
> package:  expected 4185718671, got 4185718669
> libsemanage.semanage_load_module: Error while reading from module file 
> /etc/selinux/targeted/modules/tmp/modules/toto.mod.
> semodule:  Failed!
> 
> semodule -r local
> 
> libsemanage.semanage_direct_remove: Module local was not found.
> semodule:  Failed on local!
> 
> [root at pierre ~]# ls -lZ /etc/selinux/targeted/modules/active/modules
> -rw-r--r--  root root root:object_r:semanage_store_t   toto.mod
> -rw-r--r--  root root root:object_r:semanage_store_t   toto.pp
> -rw-r--r--  root root system_u:object_r:semanage_store_t toto.te
> 
> I don't understand.
> 
> Thank you for your help.
> 

You need to delete toto.te and toto.mod from that directory. Those
should never have been there; the module directory is a private
directory that only libsemanage should be writing to.

> 
> 
> 
> Joshua Brindle wrote:
> > Pierre JUHEN wrote:
> >> No, I didn't skip the middle step.
> >>
> >> I have turned around this problem for days, googled a lot,
> >> I didn't find a clue.
> >>
> >> Why is semodule looking in a nonexistent directory?
> >>
> >>   
> > the directory is there when the operation fails. semodule copies 
> > everything from modules/active to modules/tmp to operate on it and 
> > when it reads that file (toto.mod) it fails because it is a policy 
> > module and not a policy package.
> >
> > try semodule -r toto
> >
> > though I don't know how that file got there in the first place, 
> > semodule should have never accepted it
> >> I suspect a configuration problem, but where ?????
> >>
> >>  
> >>> Message of 06/10/06 04:28
> >>> From: "Joshua Brindle" <method at gentoo.org>
> >>> To: "Pierre JUHEN" <pierre.juhen at wanadoo.fr>
> >>> Cc: fedora-selinux-list at redhat.com
> >>> Subject: Re: Trouble with module
> >>>
> >>> Pierre JUHEN wrote:
> >>>    
> >>>> To correct error messages appearing in the audit.log, I ran the 
> >>>> procedure described in the audit2allow manual page.
> >>>>
> >>>> Here is the .te file :
> >>>>
> >>>> module local 1.0;
> >>>>
> >>>> require {
> >>>>    class dir search;
> >>>>    class fd use;
> >>>>    class fifo_file write;
> >>>>    class file { read write };
> >>>>    class netlink_route_socket create;
> >>>>    class unix_stream_socket { read write };
> >>>>    type apmd_log_t;
> >>>>    type cupsd_config_t;
> >>>>    type cupsd_t;
> >>>>    type dovecot_auth_t;
> >>>>    type dovecot_t;
> >>>>    type etc_mail_t;
> >>>>    type etc_runtime_t;
> >>>>    type hald_t;
> >>>>    type home_root_t;
> >>>>    type hostname_t;
> >>>>    type restorecon_t;
> >>>>    type semanage_t;
> >>>>    type unconfined_t;
> >>>>    type user_home_dir_t;
> >>>>    type usr_t;
> >>>>    type xdm_t;
> >>>>    role system_r;
> >>>> };
> >>>>
> >>>> allow cupsd_config_t apmd_log_t:file { read write };
> >>>> allow cupsd_t apmd_log_t:file { read write };
> >>>> allow dovecot_auth_t self:netlink_route_socket create;
> >>>> allow dovecot_t etc_runtime_t:file read;
> >>>> allow dovecot_t unconfined_t:fifo_file write;
> >>>> allow dovecot_t xdm_t:fd use;
> >>>> allow hald_t home_root_t:dir search;
> >>>> allow hostname_t etc_mail_t:file read;
> >>>> allow hostname_t unconfined_t:fifo_file write;
> >>>> allow hostname_t usr_t:file read;
> >>>> allow hostname_t xdm_t:fd use;
> >>>> allow restorecon_t xdm_t:fd use;
> >>>> allow semanage_t unconfined_t:unix_stream_socket { read write };
> >>>> allow semanage_t user_home_dir_t:dir search;
> >>>>
> >>>> When I try to load the module using "semodule -i local.pp"
> >>>>
> >>>> I get:
> >>>>
> >>>> libsepol.module_package_read_offsets: wrong magic number for module 
> >>>> package:  expected 4185718671, got 4185718669
> >>>> libsemanage.semanage_load_module: Error while reading from module 
> >>>> file /etc/selinux/targeted/modules/tmp/modules/toto.mod.
> >>>>
> >>>>       
> >>> did you build a policy package correctly using the following commands:
> >>>
> >>> checkmodule -M -m local.te -o local.mod
> >>> semodule_package -m local.mod -o local.pp
> >>> semodule -i local.pp
> >>>
> >>>
> >>> it looks like you probably skipped the middle step..
> >>>
> >>>     
> >
> >
> 
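
Added example, not part of the original thread: a read-only check that classifies each file in a module store directory by its leading magic number, using the two values from the libsepol error (4185718671 expected for a policy package, 4185718669 found in the policy module toto.mod). The function names, the constructed sample files and the assumption that the magic is stored as a little-endian 32-bit word at offset 0 are this example's own.

```python
import struct
import tempfile
from pathlib import Path

# Magic numbers as printed in the libsepol error in the thread.
# Assumption: stored as a little-endian 32-bit word at offset 0.
PACKAGE_MAGIC = 4185718671  # 0xf97cff8f: policy package, what semodule expects
MODULE_MAGIC = 4185718669   # 0xf97cff8d: policy module, as found in toto.mod


def classify(header: bytes) -> str:
    """Classify a file by its first four bytes."""
    if len(header) < 4:
        return "unknown"
    (magic,) = struct.unpack("<I", header[:4])
    if magic == PACKAGE_MAGIC:
        return "package"
    if magic == MODULE_MAGIC:
        return "module"
    return "unknown"


def audit_store(directory) -> dict:
    """Return {filename: kind} for every file that is not a policy package."""
    stray = {}
    for path in sorted(Path(directory).iterdir()):
        if path.is_file():
            with path.open("rb") as fh:
                kind = classify(fh.read(4))
            if kind != "package":
                stray[path.name] = kind
    return stray


def build_sample_store(directory) -> None:
    """Constructed sample mirroring the listing in the thread (not real policy)."""
    d = Path(directory)
    (d / "toto.pp").write_bytes(struct.pack("<I", PACKAGE_MAGIC) + b"\0" * 12)
    (d / "toto.mod").write_bytes(struct.pack("<I", MODULE_MAGIC) + b"\0" * 12)
    (d / "toto.te").write_text("module local 1.0;\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_store(tmp)
        for name, kind in audit_store(tmp).items():
            print(f"{name}: {kind} (not a policy package)")
```

On the constructed sample this reports toto.mod and toto.te, the same two files the reply says to delete from the store.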



