From: guido@trentalancia.net (Guido Trentalancia) Date: Sun, 29 Jan 2017 23:43:33 +0100 Subject: [refpolicy] Install Directory for Reference Policy? In-Reply-To: References: <8978CC35-BED8-451C-BB84-F2335A256ADE@chaschperli.ch> Message-ID: <1485729813.9034.5.camel@trentalancia.net> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Sun, 29/01/2017 at 11.14 -0800, Naftuli Kay wrote: > Okay, so again to reiterate, I am on elementary Loki, which is Ubuntu > 16.04. I have installed all build dependencies and I have cloned the > Git repository to a local directory at > ~/Documents/Development/refpolicy. > > I have made sure that both the top-level Git repository (refpolicy) > and the refpolicy-contrib submodule are both up to date with latest > master from GitHub. > > Following Guido's guidance, I did the following: > > cd ~/Documents/Development/refpolicy > make clean > make conf > > I then edited build.conf to enable systemd, because that is my init > here on 16.04. I did not make any other modifications, the policy > name > is refpolicy and the type is standard. > > I then ran: > > $ sudo make install-src > rm -rf /etc/selinux/refpolicy/src/policy.old > mv /etc/selinux/refpolicy/src/policy > /etc/selinux/refpolicy/src/policy.old > mv: cannot stat '/etc/selinux/refpolicy/src/policy': No such file or > directory > Makefile:551: recipe for target 'install-src' failed > make: [install-src] Error 1 (ignored) > mkdir -p /etc/selinux/refpolicy/src/policy > cp -R . /etc/selinux/refpolicy/src/policy > > $ sudo make install-src > rm -rf /etc/selinux/refpolicy/src/policy.old > mv /etc/selinux/refpolicy/src/policy > /etc/selinux/refpolicy/src/policy.old > mkdir -p /etc/selinux/refpolicy/src/policy > cp -R . /etc/selinux/refpolicy/src/policy > > The first time, as shown, errored, and the second time seemed to > work. > > I then ran: > > make policy > sudo make install > > It compiled all of the modules and it seems that it installed > everything to /usr/share/selinux/refpolicy, rather than > /etc/selinux/refpolicy, which it seems is what my distribution > expects. > > I then ran > > sudo make load > > It failed with: > > /usr/sbin/semodule: SELinux policy is not managed or store cannot be > accessed. > > There is a lot of debugging output which I have listed here: > https://gist.github.com/naftulikay/3c24fc7a1d63f26c3e401f6ed5a1f8b5 After looking more carefully at the files that have been installed on your system, I realize that you are missing the actual binary policy. It's a file named "policy.29" or "policy.30" and that goes in /etc/selinux/refpolicy. It should be generated during "make policy", but you have not mentioned about errors during that build stage... In the development tree, it is located top- level:?~/Documents/Development/refpolicy/policy.29 or?~/Documents/Development/refpolicy/policy.30 Without more information, I don't know why you are missing that... It should be generated by checkpolicy. Do you have checkpolicy installed ? Try typing "checkpolicy -V". Regards, Guido