From: qingtao.cao.au@gmail.com (Qingtao Cao)
Date: Thu, 6 Jun 2013 18:31:20 +0800
Subject: [refpolicy] Problem of building policy store?
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

After I installed the latest selinux toolchain and tried to build the policy store from scratch, semodule failed to link with the latest libsepol, even though I think I had set up the environment variables well.

How to reproduce:

1. Install the selinux toolchain to /work/install, for example:

    env TEST_TOOLCHAIN=/work/install make
    mkdir -p /home/cao/tmp/
    env DESTDIR=/home/cao/tmp make install

Of course, a certain order should be followed so that the dependencies could be installed first.

2. Use the latest selinux toolchain to compile refpolicy:

    export TEST_TOOLCHAIN=/work/install && make
    mkdir -p /home/cao/tmp/
    env DESTDIR=/home/cao/tmp make install

3. Set up a skeleton of the policy store in /home/cao/tmp:

    mkdir -p etc/selinux/refpolicy/modules/active/modules
    mkdir -p etc/selinux/refpolicy/policy

Then copy the PPs there:

    for i in $(ls usr/share/selinux/refpolicy/*.pp); do bzip2 -c $i > etc/selinux/refpolicy/modules/active/modules/$(basename $i) ; done
    mv etc/selinux/refpolicy/modules/active/modules/base.pp etc/selinux/refpolicy/modules/active/

4. Build the policy store and policy.X with semodule:

    env LD_LIBRARY_PATH="/work/install/lib:/work/install/usr/lib" semodule -p /home/cao/tmp -s refpolicy -n -B

Sadly, the latest libsepol.so.1 failed to be linked with:

    [cao@localhost tmp]$ which semodule
    /work/install/usr/sbin/semodule
    [cao@localhost tmp]$ env LD_LIBRARY_PATH="/work/install/lib:/work/install/usr/lib" semodule -p . -s refpolicy -n -B
    libsepol.policydb_read: policydb version 28 does not match my version range 15-27
    libsepol.sepol_set_policydb_from_file: can't read binary policy: Success
    Error reading policy .//etc/selinux/refpolicy/policy/policy.28: Success
    libsemanage.semanage_install_active: setfiles returned error code 1.
    libsemanage.semanage_install_active: Could not copy .//etc/selinux/refpolicy/modules/active/policy.kern to .//etc/selinux/refpolicy/policy/policy.28. (No such file or directory).
    semodule: Failed!
    [cao@localhost tmp]$
    [cao@localhost tmp]$ ldd /work/install/usr/sbin/semodule | grep libsepol
            libsepol.so.1 => /work/install/lib/libsepol.so.1 (0x00007f9d172ce000)
    [cao@localhost tmp]$

What have I missed? Thanks!

BTW, after I downgraded policy.X to 26 by touching semanage.conf, semodule works as expected (a separate files_contexts.local needs to be touched first).

Thanks,
Harry
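
Added example, not part of the original message: the libsepol line in the output above names both the policy version that was written (28) and the range the reading library accepts (15-27). The script below extracts those numbers from captured output and sets policy-version in a semanage.conf-style file; the function names and the file path argument are assumptions, and the sample log is constructed from the lines quoted in the post.

```shell
#!/bin/sh
# Constructed sample: the libsepol lines quoted in the post, as captured stderr.
SAMPLE_LOG="libsepol.policydb_read: policydb version 28 does not match my version range 15-27
libsepol.sepol_set_policydb_from_file: can't read binary policy: Success"

# Read tool output on stdin; print "<written> <min> <max>" for the first
# version-mismatch line. Returns non-zero when no such line is present.
parse_policydb_mismatch() {
    sed -n 's/.*policydb version \([0-9][0-9]*\) does not match my version range \([0-9][0-9]*\)-\([0-9][0-9]*\).*/\1 \2 \3/p' |
        head -n 1 | grep .
}

# Print the nearest version the reading library accepts (hypothetical helper).
# Any value inside the reported range is readable; this picks the closest bound.
suggest_policy_version() {
    fields=$(parse_policydb_mismatch) || return 1
    set -- $fields
    written=$1 min=$2 max=$3
    if [ "$written" -gt "$max" ]; then
        echo "$max"
    elif [ "$written" -lt "$min" ]; then
        echo "$min"
    else
        return 1
    fi
}

# set_policy_version FILE VERSION: rewrite an existing policy-version line in a
# semanage.conf-style file, or append one when the key is absent.
set_policy_version() {
    conf=$1 ver=$2
    if grep -q '^[[:space:]]*policy-version[[:space:]]*=' "$conf"; then
        tmp=$(mktemp) || return 1
        sed "s/^[[:space:]]*policy-version[[:space:]]*=.*/policy-version = $ver/" "$conf" > "$tmp" &&
            cat "$tmp" > "$conf"
        rm -f "$tmp"
    else
        printf 'policy-version = %s\n' "$ver" >> "$conf"
    fi
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | suggest_policy_version
```

Before changing the configuration, it is worth running ldd on every binary in the chain (the output also shows libsemanage invoking setfiles), since the range in the message belongs to whichever libsepol copy actually read the policy file.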