From: sds@tycho.nsa.gov (Stephen Smalley)
Date: Mon, 25 Jan 2010 17:12:25 -0500
Subject: [refpolicy] Building MLS/MCS policy
In-Reply-To: <201001252200.o0PM0aYb021459@vivaldi39.register.it>
References: <201001252200.o0PM0aYb021459@vivaldi39.register.it>
Message-ID: <1264457545.4297.249.camel@moss-pluto.epoch.ncsc.mil>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 2010-01-25 at 23:00 +0100, Guido Trentalancia wrote:
> Stephen,
> 
> I have now removed all custom modules that were installed. This had to be done manually with "semodule -r".
> 
> But then, I get this other error when I do "make load" (on the MLS/MCS policy):
> 
> SELinux:  Could not load policy file /etc/selinux/refpolicy/policy/policy.24:  Invalid argument
> /usr/sbin/load_policy:  Can't load policy:  Invalid argument
> libsemanage.semanage_reload_policy: load_policy returned error code 2.
> /usr/sbin/semodule:  Failed!
> 
> Any other idea ?

Likely you've previously loaded a non-MLS policy into your kernel, and
the kernel will not allow a non-MLS -> MLS (or vice versa) switch at
runtime.  You'll have to reboot to bring it up with the MLS-enabled
policy.

-- 
Stephen Smalley
National Security Agency