From: guido@trentalancia.net (Guido Trentalancia)
Date: Sat, 29 Oct 2016 18:24:06 +0200
Subject: [refpolicy] I want to use refpolicy in centos 7
In-Reply-To: <8dde386aff5e14f9d20bb3ec592cbea@cvwapp03.nm.nhnsystem.com>
References: <8dde386aff5e14f9d20bb3ec592cbea@cvwapp03.nm.nhnsystem.com>
Message-ID: <1477758246.1401.4.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hi.

On Thu, 27/10/2016 at 17.21 +0900, ??? via refpolicy wrote:
> I install centos7 and use targeted policy
> 
> But i want to use refpolicy for modifying policy so i did?download
> using?following steps
> 1. #git clone https://github.com/TresysTechnology/refpolicy.git
> 
> 2.?#cd refpolicy
> 3. #git submodule init
> 4. #git submodule update
> 5. Change build.conf file
> Type=mls
> NAME = refpolicy
> MONOLITHIC = y
> 6. #make install-src
> 7. cd /etc/selinux/refpolicy/src/policy/
> 8. #Make load
> 9. #Cd /etc/selinux and?Change config file
> SELINUX = permissive
> SELINUXTYPE = refpolicy
> 10. #touch /.autorelabel
> 11. #Reboot
> 
> After desktop is rebooted
> 12. #setenforce 1
> 13. ...... permission deny
> 14. #Sestatus
> ....
> Loaded policy name: targeted ???(refolicy -> targeted)
> Current mode : enforcing
> ....
> Mode from config file : error (permission denied)???
> 
> What shuoud i do?
> Helps me...?

You should try rebooting in permissive mode by passing the enforcing=0
option before boot (if you are using the "grub" bootloader, press "e"
during boot to edit kernel boot parameters).

On some systems, you might also try editing /etc/selinux/config and
replace "SELINUX=enforcing" with "SELINUX=permissive" (and then
reboot), although that is not guaranteed to work with all systems.

Then once you have booted in permissive mode, you should inspect the
audit log file (usually /var/log/audit.log) for SELinux permission
denials (log lines containing the " denied " string) and from that you
can understand what is going on (SELinux is denying some permissions
needed to run your system).

I hope it helps.

Guido