From: guido@trentalancia.net (Guido Trentalancia)
Date: Sun, 29 Jan 2017 21:29:07 +0100
Subject: [refpolicy] Install Directory for Reference Policy?
In-Reply-To:
References: <8978CC35-BED8-451C-BB84-F2335A256ADE@chaschperli.ch>
Message-ID: <1485721747.10304.9.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello again.

First thing, if you meet problems again after trying the following
advice, then it is probably a good idea to rename your new policy (the
one that you build), so that you can distinguish it from the default
policy installed from your distribution (otherwise there is no
difference other than the timestamp).

On Sun, 29/01/2017 at 11.14 -0800, Naftuli Kay wrote:
> Okay, so again to reiterate, I am on elementary Loki, which is Ubuntu
> 16.04. I have installed all build dependencies and I have cloned the
> Git repository to a local directory at
> ~/Documents/Development/refpolicy.
>
> I have made sure that both the top-level Git repository (refpolicy)
> and the refpolicy-contrib submodule are both up to date with latest
> master from GitHub.
>
> Following Guido's guidance, I did the following:
>
>     cd ~/Documents/Development/refpolicy
>     make clean
>     make conf
>
> I then edited build.conf to enable systemd, because that is my init
> here on 16.04. I did not make any other modifications, the policy
> name is refpolicy and the type is standard.
>
> I then ran:
>
>     $ sudo make install-src
>     rm -rf /etc/selinux/refpolicy/src/policy.old
>     mv /etc/selinux/refpolicy/src/policy
> /etc/selinux/refpolicy/src/policy.old
>     mv: cannot stat '/etc/selinux/refpolicy/src/policy': No such file or
> directory
>     Makefile:551: recipe for target 'install-src' failed
>     make: [install-src] Error 1 (ignored)
>     mkdir -p /etc/selinux/refpolicy/src/policy
>     cp -R . /etc/selinux/refpolicy/src/policy
>
>     $ sudo make install-src
>     rm -rf /etc/selinux/refpolicy/src/policy.old
>     mv /etc/selinux/refpolicy/src/policy
> /etc/selinux/refpolicy/src/policy.old
>     mkdir -p /etc/selinux/refpolicy/src/policy
>     cp -R . /etc/selinux/refpolicy/src/policy
>
> The first time, as shown, errored, and the second time seemed to
> work.

That is normal.

> I then ran:
>
>     make policy
>     sudo make install
>
> It compiled all of the modules and it seems that it installed
> everything to /usr/share/selinux/refpolicy, rather than
> /etc/selinux/refpolicy, which it seems is what my distribution
> expects.
>
> I then ran
>
>     sudo make load
>
> It failed with:
>
>     /usr/sbin/semodule: SELinux policy is not managed or store cannot be
> accessed.

Perhaps, the policy that is currently loaded (from your distribution)
uses a different directory to store the policy itself and therefore
doesn't let you load the new policy from a different directory...

In that case, you can try temporarily disabling SELinux by switching
from "enforcing" mode to "permissive" mode, then load the new policy
and finally switch back to SELinux "enforcing" mode:

    # setenforce 0
    # sudo make load
    # setenforce 1

If you are still experiencing problems, try "make load" as root instead
of sudo.

I hope this helps...

Regards,

Guido