From: harrytaurus2002@hotmail.com (TaurusHarry) Date: Wed, 18 Aug 2010 13:24:41 +0000 Subject: [refpolicy] Problem about audit-test-2090 + refpolicy-2.20091117 In-Reply-To: <1282132367.4122.8.camel@flek> References: , <1282132367.4122.8.camel@flek> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Hi Paul, > Subject: Re: Problem about audit-test-2090 + refpolicy-2.20091117 > From: paul.moore at hp.com > To: harrytaurus2002 at hotmail.com > CC: selinux at tycho.nsa.gov; refpolicy at oss1.tresys.com > Date: Wed, 18 Aug 2010 07:52:47 -0400 > > On Wed, 2010-08-18 at 10:26 +0000, TaurusHarry wrote: > > Hi SELinux exports, > > > > When I am trying to build the lspp_test.pp provided by > > audit-test-2090/utils/selinux-policy/lspp_test.* along with the > > refpolicy-20091117 source code, I copied lspp_test.* files to > > policy/modules/apps/ and then modified policy/modules.conf to declare > > "lspp_test = module", but I run into below error message ... > > Is there any reason why you copied the lspp_test policy files to the > refpolicy sources and tried to build it there? I'm not completely sure > that this is the cause of your problem but I can say for certain that > this is not a tested procedure for building the lspp_test module. > > The normal procedure is to build the lspp_test policy module separately > from the system's main SELinux policy, e.g. build and install the normal > system's SELinux policy (refpolicy-20091117 in your case) and after you > have verified that everything is working correctly you can change to the > directory audit-test-*/utils/selinux-policy directory and use the > Makefile located their to build the lspp_test module. > Many many thanks for your response! Well, after I installed SELinux header properly then I did could enter audit-test/utils/selinux-policy/ successfully built lspp_test.pp there, however, I run into below error messages when trying to insert it: [root/secadm_r/s0 at qemu-host selinux-policy]# semodule -i lspp_test.pp libsepol.expand_terule_helper: conflicting TE rule for (lspp_test_generic_t, sepgsql_db_t:db_table): old was user_sepgsql_table_t, new is sepgsql_table_t libsepol.expand_module: Error during expand libsemanage.semanage_expand_sandbox: Expand module failed semodule: Failed! [root/secadm_r/s0 at qemu-host selinux-policy]# Very honestly speaking I am clueless about such error message, so I tried to compile lspp_test.pp along with refpolicy source code just to see if such problem could simply disappear. Do you have some comments or suggestions about it? Moreover, the audit-test-2090 seems to be a little "old" than the refpolicy-2.20091117, for example, the lspp_test.te calls mls_file_read_up() rather than the expected mls_file_read_all_levels(), do you know if I could find some latest version of audit-test package or some latest version of the lspp_test.* files? Thank you very much! Best regards, Harry > -- > paul moore > linux @ hp > > > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to majordomo at tycho.nsa.gov with > the words "unsubscribe selinux" without quotes as the message. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20100818/59ea3c12/attachment-0001.html