2013-06-06 10:31:20

by Qingtao Cao

Subject: [refpolicy] Problem of building policy store?

After I installed the latest selinux toolchain and tried to build the
policy store from scratch, semodule failed to link with the latest
libsepol, even though I think I had set up the environment variables well.

How to reproduce:

1. install selinux toolchain to /work/install, for example:

env TEST_TOOLCHAIN=/work/install make
mkdir -p /home/cao/tmp/
env DESTDIR=/home/cao/tmp make install

Of course, a certain order should be followed so that the dependencies
could be installed first.

2. use the latest selinux toolchain to compile refpolicy:

export TEST_TOOLCHAIN=/work/install && make
mkdir -p /home/cao/tmp/
env DESTDIR=/home/cao/tmp make install

3. set up a skeleton of policy store in /home/cao/tmp

mkdir -p etc/selinux/refpolicy/modules/active/modules
mkdir -p etc/selinux/refpolicy/policy

Then copy PPs there:

for i in $(ls usr/share/selinux/refpolicy/*.pp); do bzip2 -c $i > etc/selinux/refpolicy/modules/active/modules/$(basename $i) ; done
mv etc/selinux/refpolicy/modules/active/modules/base.pp etc/selinux/refpolicy/modules/active/

4. build policy store and policy.X by semodule

env LD_LIBRARY_PATH="/work/install/lib:/work/install/usr/lib" semodule -p /home/cao/tmp -s refpolicy -n -B

Sadly, the latest libsepol.so.1 failed to be linked with:

[cao@localhost tmp]$ which semodule
/work/install/usr/sbin/semodule
[cao@localhost tmp]$ env LD_LIBRARY_PATH="/work/install/lib:/work/install/usr/lib" semodule -p . -s refpolicy -n -B
libsepol.policydb_read: policydb version 28 does not match my version range 15-27
libsepol.sepol_set_policydb_from_file: can't read binary policy: Success
Error reading policy .//etc/selinux/refpolicy/policy/policy.28: Success
libsemanage.semanage_install_active: setfiles returned error code 1.
libsemanage.semanage_install_active: Could not copy .//etc/selinux/refpolicy/modules/active/policy.kern to .//etc/selinux/refpolicy/policy/policy.28. (No such file or directory).
semodule: Failed!
[cao@localhost tmp]$
[cao@localhost tmp]$ ldd /work/install/usr/sbin/semodule | grep libsepol
libsepol.so.1 => /work/install/lib/libsepol.so.1 (0x00007f9d172ce000)
[cao@localhost tmp]$


What have I missed? Thanks!

BTW, after I downgraded policy.X to 26 by touching semanage.conf, the
semodule works as expected (a separate files_contexts.local needs to be
touched first)

Thanks,
Harry
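
An added example (not part of the original post, and not code from the SELinux toolchain): a small Python reader for the version field at the start of a kernel binary policy such as policy.28, checked against the 15-27 range quoted in the error above. The header layout used here (magic 0xf97cff8c, a length-prefixed "SE Linux" string, then the version, all little-endian 32-bit words) is libsepol's kernel policy format; make_header() and readable_by() are hypothetical helper names, and the sample header is constructed.

```python
import struct
import sys

POLICYDB_MAGIC = 0xF97CFF8C        # magic of a kernel binary policy
POLICYDB_STRING = b"SE Linux"      # identifier that follows the magic

def policy_version(data):
    """Return the policydb version stored in a kernel policy image."""
    if len(data) < 8:
        raise ValueError("too short to hold a policy header")
    magic, id_len = struct.unpack_from("<II", data, 0)  # little-endian u32s
    if magic != POLICYDB_MAGIC:
        raise ValueError("not a kernel policy image (magic 0x%08x)" % magic)
    ident = data[8:8 + id_len]
    if ident != POLICYDB_STRING:
        raise ValueError("unexpected identifier %r" % ident)
    off = 8 + id_len
    if len(data) < off + 4:
        raise ValueError("header truncated before the version field")
    return struct.unpack_from("<I", data, off)[0]

def readable_by(data, lo, hi):
    """True if a reader supporting versions lo..hi accepts this image."""
    return lo <= policy_version(data) <= hi

def make_header(version):
    """Constructed sample: only the header fields parsed above, no policy."""
    return (struct.pack("<II", POLICYDB_MAGIC, len(POLICYDB_STRING))
            + POLICYDB_STRING + struct.pack("<I", version))

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Pass an uncompressed kernel policy, e.g. policy.kern or policy.28.
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read(64)
    else:
        blob = make_header(28)  # constructed stand-in for policy.28
    print("policydb version:", policy_version(blob))
    print("accepted by a 15-27 reader:", readable_by(blob, 15, 27))
```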