From: paul.moore@hp.com (Paul Moore) Date: Wed, 18 Aug 2010 11:29:53 -0400 Subject: [refpolicy] Problem about audit-test-2090 + refpolicy-2.20091117 In-Reply-To: References: ,<1282132367.4122.8.camel@flek> Message-ID: <1282145393.4122.45.camel@flek> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Wed, 2010-08-18 at 13:24 +0000, TaurusHarry wrote: > Many many thanks for your response! > > Well, after I installed SELinux header properly then I did could enter > audit-test/utils/selinux-policy/ successfully built lspp_test.pp > there, however, I run into below error messages when trying to insert > it: > > [root/secadm_r/s0 at qemu-host selinux-policy]# semodule -i lspp_test.pp > libsepol.expand_terule_helper: conflicting TE rule for > ( lspp_test_generic_t, sepgsql_db_t:db_table): old was > user_sepgsql_table_t, new is sepgsql_table_t > libsepol.expand_module: Error during expand > libsemanage.semanage_expand_sandbox: Expand module failed > semodule: Failed! > [root/secadm_r/s0 at qemu-host selinux-policy]# > > Very honestly speaking I am clueless about such error message, so I > tried to compile lspp_test.pp along with refpolicy source code just to > see if such problem could simply disappear. Do you have some comments > or suggestions about it? Hmm, it looks like perhaps there is a conflict with the sepostgres policy? I'm not sure, I haven't built this policy on recent versions of the refpolicy. I've heard rumors that some of the RH guys are running audit-test on recent versions of Fedora/RHEL6 but I don't know if that includes all of the LSPP bits, e.g. the lspp_test policy module. If you want to play with SELinux policy, we're always accepting patches :) > Moreover, the audit-test-2090 seems to be a little "old" than the > refpolicy-2.20091117, for example, the lspp_test.te calls > mls_file_read_up() rather than the expected > mls_file_read_all_levels(), do you know if I could find some latest > version of audit-test package or some latest version of the > lspp_test.* files? You can always find the latest bits in the audit-test SVN repo on sf.net, however, I must admit that currently we've only tested it against RHEL5.x and some older Fedora releases. -- paul moore linux @ hp