Permissive domain how-to?

Daniel J Walsh dwalsh at redhat.com
Fri Oct 24 19:14:27 UTC 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Eric Paris wrote:
> On Fri, 2008-10-24 at 07:10 +0900, Shintaro Fujiwara wrote:
>> Hi, I want to set permissive some domain as Mr Walsh gave us a hint,
>> but when I tried to do that,
>>
>> [root at notepc ~]# semanage permissive -a zabbix_t
>> /usr/sbin/semanage: Permission denied
>>
>> Another one was same result.
>>
>> Why ?
> 
> Obviously semanage permissive could use some work....
> 
> [root at paris-laptop ~]# semanage permissive -a zabbix_t
> Traceback (most recent call last):
>   File "/usr/sbin/semanage", line 477, in <module>
>     process_args(sys.argv[1:])
>   File "/usr/sbin/semanage", line 376, in process_args
>     OBJECT.add(target)
>   File "/usr/lib/python2.5/site-packages/seobject.py", line 345, in add
>     mc.create_module_package(filename, 1)
>   File "/usr/lib/python2.5/site-packages/sepolgen/module.py", line 172, in create_module_package
>     self.refpol_build(sourcename)
>   File "/usr/lib/python2.5/site-packages/sepolgen/module.py", line 186, in refpol_build
>     raise RuntimeError("compilation failed:\n%s" % self.last_output)
> RuntimeError: compilation failed:
> Compiling targeted permissive_zabbix_t module
> m4: tmp/permissive_zabbix_t.mod.role: No such file or directory
> make: *** [tmp/permissive_zabbix_t.mod] Error 1
> 
> You might be able to give some more info running
> 
> strace -o /tmp/semanage.strace -s 1024 semanage permissive -a zabbix_t
> 
> On the other hand you could build your own module by hand while we wait
> on dan to help us out with semamage....
> 
> policy_module(permissivezabbix, 1.0)
> gen_require(`
>        type zabbix_t;
> ')
> permissive zabbix_t;
> 
> checkmodule -M -m -o permissivezabbix.mod permissivezabbix.te
> semodule_package -o permissivezabbix.pp -m permissivezabbix.mod
> semodule -i permissivezabbix.pp
> 
> 
> 
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Building modulular policy is broken in rawhide.  So either form would
not work.

Fixed in selinux-policy-3.5.13-7.fc10

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkkCHpMACgkQrlYvE4MpobOfBACgnnj1vMBhiDUppcoUp7VR+pUE
z9AAnRywfSaUcmDIhbN/AZ4XFixY2s6D
=maTl
-----END PGP SIGNATURE-----

More information about the fedora-selinux-list mailing list