audit2allow broken?
Stephen Smalley
sds at tycho.nsa.gov
Wed May 9 18:53:57 UTC 2007
On Wed, 2007-05-09 at 13:47 -0500, Hongwei Li wrote:
> Hi,
>
> I have a fc6 linux box: kernel-2.6.20-1.2944.fc6, selinux-policy-2.4.6-62.fc6
> and selinux-policy-targeted-2.4.6-62.fc6, audit-1.4.2-5.fc6.
> The system works and I was trying to add some settings to the selinux policy
> by running audit2allow. It was okay before noon:
>
> # audit2allow -M local < /var/log/audit/audit.log
> # semodule -i local.pp
>
> The new modules were added and it works. However, later, I can't do it again,
> but always get error:
>
> # audit2allow -M local < /var/log/audit/audit.log
> compilation failed:
> (unknown source)::ERROR 'syntax error' at token '' on line 6:
>
> /usr/bin/checkmodule: error(s) encountered while parsing configuration
> /usr/bin/checkmodule: loading policy configuration from local.te
>
> and the file local.te has only one line:
>
> module local 1.0;
>
> not like before. Can somebody tell what is wrong? "on line 6" of what file?
> I reboot the system, still the same.
What version of policycoreutils?
The implication is that there were no avc denials
in /var/log/audit/audit.log, and thus the generated module was empty.
Possibly your audit logs were automatically rotated?
You should really be using the -a option btw, e.g.
audit2allow -a -M local
That will pull all messages from audit, including older audit logs I
believe.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list