On Thu, 2011-03-03 at 21:45 +0800, Jingkang Zhou wrote:
> I have tried to compile the policy using commands below:
> make bare
> make conf
> make policy
>
>
> "make policy" gives the error in the title.
>
>
> policy:refpolicy-2.20101213
>
>
> the error also appeared when i followed this page and got to "make
> install":
> http://oss.tresys.com/projects/refpolicy/wiki/UseRefpolicy
>
>
> My operating system is a user mode linux running Debian squeeze.
> And
> dependencies(http://oss.tresys.com/projects/refpolicy/wiki/DownloadRelease) of refpolicy has all been installed or updated.
refpolicy questions should go to refpolicy at oss.tresys.com; see:
http://oss.tresys.com/mailman/listinfo/refpolicy
I've cc'd them on my reply, but you'll need to subscribe.
I'd guess however that you got an error during the make conf portion or
else you would have some enabled modules. The actual output from make
conf would be useful, as would the final modules.conf file.
--
Stephen Smalley
National Security Agency
2011/3/4 Stephen Smalley <[email protected]>
> On Thu, 2011-03-03 at 21:45 +0800, Jingkang Zhou wrote:
> > I have tried to compile the policy using commands below:
> > make bare
> > make conf
> > make policy
> >
> >
> > "make policy" gives the error in the title.
> >
> >
> > policy:refpolicy-2.20101213
> >
> >
> > the error also appeared when i followed this page and got to "make
> > install":
> > http://oss.tresys.com/projects/refpolicy/wiki/UseRefpolicy
> >
> >
> > My operating system is a user mode linux running Debian squeeze.
> > And
> > dependencies(
> http://oss.tresys.com/projects/refpolicy/wiki/DownloadRelease) of
> refpolicy has all been installed or updated.
>
> refpolicy questions should go to refpolicy at oss.tresys.com; see:
> http://oss.tresys.com/mailman/listinfo/refpolicy
>
> I've cc'd them on my reply, but you'll need to subscribe.
>
> I'd guess however that you got an error during the make conf portion or
> else you would have some enabled modules. The actual output from make
> conf would be useful, as would the final modules.conf file.
>
> --
> Stephen Smalley
> National Security Agency
>
>
thanks very much for reply~
I checked the output of make conf and it got to the end successfully.
The result of lsmod is empty.
The full txt version of make conf results and modules.conf file is attached
in the end.
modules.conf:
corecommands = base
corenetwork = base
devices = base
domain = base
files = base
filesystem = base
kernel = base
mcs = base
mls = base
selinux = base
terminal = base
ubac = base
acct = module
alsa = module
amanda = module
amtu = module
anaconda = module
apt = module
backup = module
bootloader = module
brctl = module
certwatch = module
consoletype = module
ddcprobe = module
dmesg = module
dmidecode = module
dpkg = module
firstboot = module
kismet = module
kudzu = module
logrotate = module
logwatch = module
mcelog = module
mrtg = module
netutils = module
portage = module
prelink = module
quota = module
readahead = module
rpm = module
sectoolm = module
shorewall = module
smoltclient = module
su = module
sudo = module
sxid = module
tmpreaper = module
tripwire = module
tzdata = module
updfstab = module
usbmodules = module
usermanage = module
vbetool = module
vpn = module
ada = module
authbind = module
awstats = module
calamaris = module
cdrecord = module
cpufreqselector = module
ethereal = module
evolution = module
games = module
gift = module
gitosis = module
gnome = module
gpg = module
irc = module
java = module
loadkeys = module
lockdev = module
mono = module
mozilla = module
mplayer = module
podsleuth = module
ptchown = module
pulseaudio = module
qemu = module
rssh = module
screen = module
seunshare = module
slocate = module
thunderbird = module
tvtime = module
uml = module
userhelper = module
usernetctl = module
vmware = module
webalizer = module
wine = module
wireshark = module
wm = module
xscreensaver = module
yam = module
storage = module
auditadm = module
dbadm = module
guest = module
logadm = module
secadm = module
staff = module
sysadm = module
unprivuser = module
webadm = module
xguest = module
abrt = module
afs = module
aide = module
aisexec = module
amavis = module
apache = module
apcupsd = module
apm = module
arpwatch = module
asterisk = module
audioentropy = module
automount = module
avahi = module
bind = module
bitlbee = module
bluetooth = module
canna = module
ccs = module
certmaster = module
certmonger = module
chronyd = module
cipe = module
clamav = module
clockspeed = module
clogd = module
cobbler = module
comsat = module
consolekit = module
corosync = module
courier = module
cpucontrol = module
cron = module
cups = module
cvs = module
cyphesis = module
cyrus = module
dante = module
dbskk = module
dbus = module
dcc = module
ddclient = module
denyhosts = module
devicekit = module
dhcp = module
dictd = module
distcc = module
djbdns = module
dkim = module
dnsmasq = module
dovecot = module
exim = module
fail2ban = module
fetchmail = module
finger = module
fprintd = module
ftp = module
gatekeeper = module
git = module
gnomeclock = module
gpm = module
gpsd = module
hal = module
hddtemp = module
howl = module
i18n_input = module
icecast = module
ifplugd = module
imaze = module
inetd = module
inn = module
ircd = module
irqbalance = module
jabber = module
kerberos = module
kerneloops = module
ksmtuned = module
ktalk = module
ldap = module
likewise = module
lircd = module
lpd = module
mailman = module
memcached = module
milter = module
modemmanager = module
monop = module
mta = module
munin = module
mysql = module
nagios = module
nessus = module
networkmanager = module
nis = module
nscd = module
nsd = module
nslcd = module
ntop = module
ntp = module
nut = module
nx = module
oav = module
oddjob = module
oident = module
openca = module
openct = module
openvpn = module
pads = module
pcscd = module
pegasus = module
perdition = module
pingd = module
plymouthd = module
policykit = module
portmap = module
portreserve = module
portslave = module
postfix = module
postfixpolicyd = module
postgresql = module
postgrey = module
ppp = module
prelude = module
privoxy = module
procmail = module
psad = module
publicfile = module
puppet = module
pxe = module
pyicqt = module
pyzor = module
qmail = module
radius = module
radvd = module
razor = module
rdisc = module
remotelogin = module
resmgr = module
rgmanager = module
rhcs = module
rhgb = module
ricci = module
rlogin = module
roundup = module
rpc = module
rpcbind = module
rshd = module
rsync = module
rtkit = module
rwho = module
samba = module
sasl = module
sendmail = module
setroubleshoot = module
slrnpull = module
smartmon = module
smokeping = module
snmp = module
snort = module
soundserver = module
spamassassin = module
speedtouch = module
squid = module
ssh = module
sssd = module
stunnel = module
sysstat = module
tcpd = module
telnet = module
tftp = module
tgtd = module
timidity = module
tor = module
transproxy = module
tuned = module
ucspitcp = module
ulogd = module
uptime = module
usbmuxd = module
uucp = module
uwimap = module
varnishd = module
vhostmd = module
virt = module
w3c = module
watchdog = module
xfs = module
xprint = module
xserver = module
zabbix = module
zebra = module
zosremote = module
application = module
authlogin = module
clock = module
daemontools = module
fstools = module
getty = module
hostname = module
hotplug = module
init = module
ipsec = module
iptables = module
iscsi = module
kdump = module
libraries = module
locallogin = module
logging = module
lvm = module
miscfiles = module
modutils = module
mount = module
netlabel = module
pcmcia = module
raid = module
selinuxutil = module
setrans = module
sysnetwork = module
udev = module
unconfined = module
userdomain = module
xen = module
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20110306/8f36f26d/attachment-0001.html
-------------- next part --------------
m4 -D self_contained_policy -D enable_ubac -D mls_num_sens=16 -D mls_num_cats=1024 -D mcs_num_cats=1024 -D hide_broken_symptoms -D self_contained_policy policy/modules/kernel/corenetwork.te.m4 policy/modules/kernel/corenetwork.te.in \
| sed -e 's/dollarsone/\$1/g' -e 's/dollarszero/\$0/g' >> policy/modules/kernel/corenetwork.te
cat policy/modules/kernel/corenetwork.if.in >> policy/modules/kernel/corenetwork.if
egrep "^[[:blank:]]*network_(interface|node|port|packet)(_controlled)?\(.*\)" policy/modules/kernel/corenetwork.te.in \
| m4 -D self_contained_policy -D enable_ubac -D mls_num_sens=16 -D mls_num_cats=1024 -D mcs_num_cats=1024 -D hide_broken_symptoms -D self_contained_policy policy/modules/kernel/corenetwork.if.m4 - \
| sed -e 's/dollarsone/\$1/g' -e 's/dollarszero/\$0/g' >> policy/modules/kernel/corenetwork.if
cat policy/modules/admin/metadata.xml > tmp/admin.xml
for i in policy/modules/admin/acct policy/modules/admin/alsa policy/modules/admin/amanda policy/modules/admin/amtu policy/modules/admin/anaconda policy/modules/admin/apt policy/modules/admin/backup policy/modules/admin/bootloader policy/modules/admin/brctl policy/modules/admin/certwatch policy/modules/admin/consoletype policy/modules/admin/ddcprobe policy/modules/admin/dmesg policy/modules/admin/dmidecode policy/modules/admin/dpkg policy/modules/admin/firstboot policy/modules/admin/kismet policy/modules/admin/kudzu policy/modules/admin/logrotate policy/modules/admin/logwatch policy/modules/admin/mcelog policy/modules/admin/mrtg policy/modules/admin/netutils policy/modules/admin/portage policy/modules/admin/prelink policy/modules/admin/quota policy/modules/admin/readahead policy/modules/admin/rpm policy/modules/admin/sectoolm policy/modules/admin/shorewall policy/modules/admin/smoltclient policy/modules/admin/su policy/modules/admin/sudo policy/modules/admin/sxid policy/modules/admin/tmpreaper policy/modules/admin/tripwire policy/modules/admin/tzdata policy/modules/admin/updfstab policy/modules/admin/usbmodules policy/modules/admin/usermanage policy/modules/admin/vbetool policy/modules/admin/vpn; do python -E support/segenxml.py -w -m $i >> tmp/admin.xml; done
cat policy/modules/apps/metadata.xml > tmp/apps.xml
for i in policy/modules/apps/ada policy/modules/apps/authbind policy/modules/apps/awstats policy/modules/apps/calamaris policy/modules/apps/cdrecord policy/modules/apps/cpufreqselector policy/modules/apps/ethereal policy/modules/apps/evolution policy/modules/apps/games policy/modules/apps/gift policy/modules/apps/gitosis policy/modules/apps/gnome policy/modules/apps/gpg policy/modules/apps/irc policy/modules/apps/java policy/modules/apps/loadkeys policy/modules/apps/lockdev policy/modules/apps/mono policy/modules/apps/mozilla policy/modules/apps/mplayer policy/modules/apps/podsleuth policy/modules/apps/ptchown policy/modules/apps/pulseaudio policy/modules/apps/qemu policy/modules/apps/rssh policy/modules/apps/screen policy/modules/apps/seunshare policy/modules/apps/slocate policy/modules/apps/thunderbird policy/modules/apps/tvtime policy/modules/apps/uml policy/modules/apps/userhelper policy/modules/apps/usernetctl policy/modules/apps/vmware policy/modules/apps/webalizer policy/modules/apps/wine policy/modules/apps/wireshark policy/modules/apps/wm policy/modules/apps/xscreensaver policy/modules/apps/yam; do python -E support/segenxml.py -w -m $i >> tmp/apps.xml; done
cat policy/modules/kernel/metadata.xml > tmp/kernel.xml
for i in policy/modules/kernel/corecommands policy/modules/kernel/corenetwork policy/modules/kernel/devices policy/modules/kernel/domain policy/modules/kernel/files policy/modules/kernel/filesystem policy/modules/kernel/kernel policy/modules/kernel/mcs policy/modules/kernel/mls policy/modules/kernel/selinux policy/modules/kernel/storage policy/modules/kernel/terminal policy/modules/kernel/ubac; do python -E support/segenxml.py -w -m $i >> tmp/kernel.xml; done
cat policy/modules/roles/metadata.xml > tmp/roles.xml
for i in policy/modules/roles/auditadm policy/modules/roles/dbadm policy/modules/roles/guest policy/modules/roles/logadm policy/modules/roles/secadm policy/modules/roles/staff policy/modules/roles/sysadm policy/modules/roles/unprivuser policy/modules/roles/webadm policy/modules/roles/xguest; do python -E support/segenxml.py -w -m $i >> tmp/roles.xml; done
cat policy/modules/services/metadata.xml > tmp/services.xml
for i in policy/modules/services/abrt policy/modules/services/afs policy/modules/services/aide policy/modules/services/aisexec policy/modules/services/amavis policy/modules/services/apache policy/modules/services/apcupsd policy/modules/services/apm policy/modules/services/arpwatch policy/modules/services/asterisk policy/modules/services/audioentropy policy/modules/services/automount policy/modules/services/avahi policy/modules/services/bind policy/modules/services/bitlbee policy/modules/services/bluetooth policy/modules/services/canna policy/modules/services/ccs policy/modules/services/certmaster policy/modules/services/certmonger policy/modules/services/chronyd policy/modules/services/cipe policy/modules/services/clamav policy/modules/services/clockspeed policy/modules/services/clogd policy/modules/services/cobbler policy/modules/services/comsat policy/modules/services/consolekit policy/modules/services/corosync policy/modules/services/courier policy/modules/services/cpucontrol policy/modules/services/cron policy/modules/services/cups policy/modules/services/cvs policy/modules/services/cyphesis policy/modules/services/cyrus policy/modules/services/dante policy/modules/services/dbskk policy/modules/services/dbus policy/modules/services/dcc policy/modules/services/ddclient policy/modules/services/denyhosts policy/modules/services/devicekit policy/modules/services/dhcp policy/modules/services/dictd policy/modules/services/distcc policy/modules/services/djbdns policy/modules/services/dkim policy/modules/services/dnsmasq policy/modules/services/dovecot policy/modules/services/exim policy/modules/services/fail2ban policy/modules/services/fetchmail policy/modules/services/finger policy/modules/services/fprintd policy/modules/services/ftp policy/modules/services/gatekeeper policy/modules/services/git policy/modules/services/gnomeclock policy/modules/services/gpm policy/modules/services/gpsd policy/modules/services/hal policy/modules/services/hddtemp policy/modules/services/howl policy/modules/services/i18n_input policy/modules/services/icecast policy/modules/services/ifplugd policy/modules/services/imaze policy/modules/services/inetd policy/modules/services/inn policy/modules/services/ircd policy/modules/services/irqbalance policy/modules/services/jabber policy/modules/services/kerberos policy/modules/services/kerneloops policy/modules/services/ksmtuned policy/modules/services/ktalk policy/modules/services/ldap policy/modules/services/likewise policy/modules/services/lircd policy/modules/services/lpd policy/modules/services/mailman policy/modules/services/memcached policy/modules/services/milter policy/modules/services/modemmanager policy/modules/services/monop policy/modules/services/mta policy/modules/services/munin policy/modules/services/mysql policy/modules/services/nagios policy/modules/services/nessus policy/modules/services/networkmanager policy/modules/services/nis policy/modules/services/nscd policy/modules/services/nsd policy/modules/services/nslcd policy/modules/services/ntop policy/modules/services/ntp policy/modules/services/nut policy/modules/services/nx policy/modules/services/oav policy/modules/services/oddjob policy/modules/services/oident policy/modules/services/openca policy/modules/services/openct policy/modules/services/openvpn policy/modules/services/pads policy/modules/services/pcscd policy/modules/services/pegasus policy/modules/services/perdition policy/modules/services/pingd policy/modules/services/plymouthd policy/modules/services/policykit policy/modules/services/portmap policy/modules/services/portreserve policy/modules/services/portslave policy/modules/services/postfix policy/modules/services/postfixpolicyd policy/modules/services/postgresql policy/modules/services/postgrey policy/modules/services/ppp policy/modules/services/prelude policy/modules/services/privoxy policy/modules/services/procmail policy/modules/services/psad policy/modules/services/publicfile policy/modules/services/puppet policy/modules/services/pxe policy/modules/services/pyicqt policy/modules/services/pyzor policy/modules/services/qmail policy/modules/services/radius policy/modules/services/radvd policy/modules/services/razor policy/modules/services/rdisc policy/modules/services/remotelogin policy/modules/services/resmgr policy/modules/services/rgmanager policy/modules/services/rhcs policy/modules/services/rhgb policy/modules/services/ricci policy/modules/services/rlogin policy/modules/services/roundup policy/modules/services/rpc policy/modules/services/rpcbind policy/modules/services/rshd policy/modules/services/rsync policy/modules/services/rtkit policy/modules/services/rwho policy/modules/services/samba policy/modules/services/sasl policy/modules/services/sendmail policy/modules/services/setroubleshoot policy/modules/services/slrnpull policy/modules/services/smartmon policy/modules/services/smokeping policy/modules/services/snmp policy/modules/services/snort policy/modules/services/soundserver policy/modules/services/spamassassin policy/modules/services/speedtouch policy/modules/services/squid policy/modules/services/ssh policy/modules/services/sssd policy/modules/services/stunnel policy/modules/services/sysstat policy/modules/services/tcpd policy/modules/services/telnet policy/modules/services/tftp policy/modules/services/tgtd policy/modules/services/timidity policy/modules/services/tor policy/modules/services/transproxy policy/modules/services/tuned policy/modules/services/ucspitcp policy/modules/services/ulogd policy/modules/services/uptime policy/modules/services/usbmuxd policy/modules/services/uucp policy/modules/services/uwimap policy/modules/services/varnishd policy/modules/services/vhostmd policy/modules/services/virt policy/modules/services/w3c policy/modules/services/watchdog policy/modules/services/xfs policy/modules/services/xprint policy/modules/services/xserver policy/modules/services/zabbix policy/modules/services/zebra policy/modules/services/zosremote; do python -E support/segenxml.py -w -m $i >> tmp/services.xml; done
cat policy/modules/system/metadata.xml > tmp/system.xml
for i in policy/modules/system/application policy/modules/system/authlogin policy/modules/system/clock policy/modules/system/daemontools policy/modules/system/fstools policy/modules/system/getty policy/modules/system/hostname policy/modules/system/hotplug policy/modules/system/init policy/modules/system/ipsec policy/modules/system/iptables policy/modules/system/iscsi policy/modules/system/kdump policy/modules/system/libraries policy/modules/system/locallogin policy/modules/system/logging policy/modules/system/lvm policy/modules/system/miscfiles policy/modules/system/modutils policy/modules/system/mount policy/modules/system/netlabel policy/modules/system/pcmcia policy/modules/system/raid policy/modules/system/selinuxutil policy/modules/system/setrans policy/modules/system/sysnetwork policy/modules/system/udev policy/modules/system/unconfined policy/modules/system/userdomain policy/modules/system/xen; do python -E support/segenxml.py -w -m $i >> tmp/system.xml; done
python -E support/segenxml.py -w -t policy/global_tunables > doc/global_tunables.xml
python -E support/segenxml.py -w -b policy/global_booleans > doc/global_booleans.xml
Creating policy.xml
echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > doc/policy.xml
echo '<!DOCTYPE policy SYSTEM "policy.dtd">' >> doc/policy.xml
echo '<policy>' >> doc/policy.xml
for i in admin apps kernel roles services system; do echo "<layer name=\"$i\">" >> doc/policy.xml; cat tmp/$i.xml >> doc/policy.xml; echo "</layer>" >> doc/policy.xml; done
cat doc/global_tunables.xml doc/global_booleans.xml >> doc/policy.xml
echo '</policy>' >> doc/policy.xml
if test -x /usr/bin/xmllint && test -f doc/policy.dtd; then \
/usr/bin/xmllint --noout --path doc/ --dtdvalid doc/policy.dtd doc/policy.xml ;\
fi
Updating policy/modules.conf and policy/booleans.conf
python -E support/sedoctool.py -b policy/booleans.conf -m policy/modules.conf -x doc/policy.xml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: modules.conf
Type: application/octet-stream
Size: 32126 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20110306/8f36f26d/attachment-0001.obj
Errrr....
I finally solved the problem, by setting my uml file system back to lenny,
instead of squeeze..
many thanks..~
2011/3/4 Stephen Smalley <[email protected]>
> On Thu, 2011-03-03 at 21:45 +0800, Jingkang Zhou wrote:
> > I have tried to compile the policy using commands below:
> > make bare
> > make conf
> > make policy
> >
> >
> > "make policy" gives the error in the title.
> >
> >
> > policy:refpolicy-2.20101213
> >
> >
> > the error also appeared when i followed this page and got to "make
> > install":
> > http://oss.tresys.com/projects/refpolicy/wiki/UseRefpolicy
> >
> >
> > My operating system is a user mode linux running Debian squeeze.
> > And
> > dependencies(
> http://oss.tresys.com/projects/refpolicy/wiki/DownloadRelease) of
> refpolicy has all been installed or updated.
>
> refpolicy questions should go to refpolicy at oss.tresys.com; see:
> http://oss.tresys.com/mailman/listinfo/refpolicy
>
> I've cc'd them on my reply, but you'll need to subscribe.
>
> I'd guess however that you got an error during the make conf portion or
> else you would have some enabled modules. The actual output from make
> conf would be useful, as would the final modules.conf file.
>
> --
> Stephen Smalley
> National Security Agency
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20110307/55aaa297/attachment.html