From: Dale Amon <amon@vnl.com>
To: Russell Coker <russell@coker.com.au>
Cc: Dale Amon <amon@vnl.com>, selinux@tycho.nsa.gov
Subject: Re: Attn Colin: Overhelpful /usr/sbin/policy-remove-unwanted
Date: Sun, 29 Feb 2004 16:01:06 +0000
Message-ID: <20040229160106.GH24151@vnl.com>
In-Reply-To: <200402291545.38528.russell@coker.com.au>

On Sun, Feb 29, 2004 at 03:45:38PM +1100, Russell Coker wrote:
> On Sun, 29 Feb 2004 15:26, Dale Amon <amon@vnl.com> wrote:
> > On Sun, Feb 29, 2004 at 01:44:28PM +1100, Russell Coker wrote:
> > > The syslog.te file has policy to allow syslog-ng to perform klogd
> > > functionality. Why don't you have syslogd working in that manner?
> >
> > I just thought about what you said here. Are we on the
> > same page? The problem I'm seeing is to do with Colin's
> > script deciding to remove klogd.te because there is no
> > klogd debian package installed... which is because the
> > debian syslog-ng package doesn't need the klogd package.
>
> That should be OK, the policy is written to support this.
>
> > This causes a problem later because the POLICY files
> > require klogd.te regardless of whether there is a
> > klogd debian package or not.
>
> What is the problem? When I compile a policy without klogd (suitable for a
> syslog-ng system) it works.

After Colin's install script removes klogd.te, the policy build fails:

Using policy installation method "Automatic"
/usr/bin/checkpolicy: loading policy configuration from /etc/security/selinux/src/policy.conf
ERROR 'unknown type klogd_t' at token ';' on line 39546:
#
neverallow ~klogd_t proc_kmsg_t:file ~{ getattr };
/usr/bin/checkpolicy: error(s) encountered while parsing configuration
make: *** [/etc/security/selinux/policy.15] Error 1
dpkg: error processing selinux-policy-default (--configure):
subprocess post-installation script returned error exit status 2
Errors were encountered while processing:
selinux-policy-default

In my current scripts, I have a workaround: after the initial
failure I have an explicit cp to replace klogd.te; this allows
me to successfully complete the package install.
--
------------------------------------------------------
Dale Amon amon@islandone.org +44-7802-188325
International linux systems consultancy
Hardware & software system design, security
and networking, systems programming and Admin
"Have Laptop, Will Travel"
------------------------------------------------------
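
Added example, not part of the original message and not code from policy-remove-unwanted: a pre-removal check that reports which remaining policy files still reference a type declared only in the file about to be deleted, which is the condition behind the 'unknown type klogd_t' error above. It assumes the sources are already m4-expanded and that types follow the `_t` naming convention; apart from klogd.te and the neverallow line, the file names and contents are constructed.

```python
import re

# Constructed stand-ins for m4-expanded policy sources. Only klogd.te and the
# neverallow line come from the message; the other names and contents are
# made up for illustration.
SOURCES = {
    "klogd.te": "type klogd_t, domain;\n",
    "example_types.te": "type proc_kmsg_t;\n",
    "example_assert.te": "neverallow ~klogd_t proc_kmsg_t:file ~{ getattr };\n",
    "example_unused.te": "type unused_t, domain;\n",
}

TYPE_DECL = re.compile(r"^\s*type\s+(\w+)", re.M)   # "type foo_t, attr;"
TYPE_REF = re.compile(r"\b\w+_t\b")                 # assumes the *_t naming habit


def strip_comments(text):
    return re.sub(r"#.*", "", text)


def declared(text):
    return set(TYPE_DECL.findall(strip_comments(text)))


def referenced(text):
    return set(TYPE_REF.findall(strip_comments(text)))


def dangling_after_removal(sources, victim):
    """Map each remaining file to the types it uses that only `victim` declares."""
    remaining = {n: t for n, t in sources.items() if n != victim}
    still_declared = set().union(*(declared(t) for t in remaining.values()))
    lost = declared(sources[victim]) - still_declared
    report = {}
    for name, text in remaining.items():
        hits = sorted(referenced(text) & lost)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    for victim in ("klogd.te", "example_unused.te"):
        broken = dangling_after_removal(SOURCES, victim)
        print(victim, "-> safe to remove" if not broken else f"-> keep, needed by {broken}")
```

A removal script that ran a check of this kind first would keep klogd.te, or flag the dependent rule, instead of leaving checkpolicy to fail during package configuration.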