Re: State of Debian SELinux

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Dale Amon <amon@vnl.com>
To: Dale Amon <amon@vnl.com>, selinux@tycho.nsa.gov
Subject: Re: State of Debian SELinux
Date: Sun, 18 Sep 2005 22:58:41 +0100	[thread overview]
Message-ID: <20050918215841.GA7480@vnl.com> (raw)
In-Reply-To: <20050918104219.GW9092@lkcl.net>

[-- Attachment #1: Type: text/plain, Size: 2377 bytes --]

On Sun, Sep 18, 2005 at 11:42:19AM +0100, Luke Kenneth Casson Leighton wrote:
> On Sun, Sep 18, 2005 at 10:58:07AM +0100, Dale Amon wrote:
> > Ouch. Well, I'm only interested in getting it up on rack mount
> > server class machines with no fancy workstation apps on them. 
> > Nothing but LAMP's.
>   then you would do well to consider gentoo/hardened instead!!

Not an option. The software driving the active the site was
written specifically for debian and in debian packages. I'd
hate to have to go back to them and say, well, you know those
really neat debian packages I did last year...

> > I'm picking that up from Russel's repository during the upgrade
> > and it does install okay.
> 
>  look for manoj's stuff.

I will, but just in case, do you have a url?
 
>  okay, you need to reboot first with ... damn it's been a while...
> 
>  selinux=1 enabled=0

Actually, its enforcing=0. And unfortuneately that doesn't help.
I still get the same error messages as before.  
 
>  it's something to do with failures in the make process which i never
>  got to the bottom of - probably some of the libselinux / sepol
>  libraries detecting that selinux wasn't enabled, and not allowing
>  the build process to proceed properly.

There is definitely something I am missing with libsepol because
there is an error about it which means absolutely nothing to me
that causes dselect to give up on installing the default policy.
It also seems to mean nothing to Google so I guess it has not come
up on the mail list either:

	/usr/bin/checkpolicy: loading policy configuration from policy.conf
	libsepol.expand_avtab_insert: Type conflict!
	Out of memory - unable to check assertions.
	Check assertions failed.

Highly informative, n'est-ce pas? I can reproduce it manually:

	cd /etc/selinux/src/
	/usr/bin/checkpolicy

>  most people only build and install selinux on already-useable
>  selinux systems.

*amon turns to watch a chicken racing an egg across the road...

-- 
------------------------------------------------------
   Dale Amon     amon@islandone.org    +44-7802-188325
       International linux systems consultancy
     Hardware & software system design, security
    and networking, systems programming and Admin
	      "Have Laptop, Will Travel"
------------------------------------------------------

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

next prev parent reply	other threads:[~2005-09-18 22:02 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-09-17 23:31 State of Debian SELinux Dale Amon
2005-09-18  0:10 ` Jiann-Ming Su
2005-09-18  9:47   ` Dale Amon
2005-09-18  0:15 ` Luke Kenneth Casson Leighton
2005-09-18  9:58   ` Dale Amon
2005-09-18 10:42     ` Luke Kenneth Casson Leighton
2005-09-18 21:58       ` Dale Amon [this message]
2005-09-18 22:48         ` Luke Kenneth Casson Leighton
2005-09-19 11:15           ` Dale Amon
2005-09-19 11:56             ` Luke Kenneth Casson Leighton
2005-09-19 12:12               ` Stephen Smalley
2005-09-23 18:53         ` sswami
2005-09-23 20:02           ` Stephen Smalley
2005-09-19 12:27 ` Stephen Smalley
2005-09-20 18:10   ` Dale Amon
2005-09-20 20:14     ` Stephen Smalley
2005-09-22 19:41       ` Stephen Smalley
2005-09-22 21:31         ` Dale Amon
2005-09-22 21:38           ` Dale Amon
2005-09-22 22:43             ` Dale Amon

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20050918215841.GA7480@vnl.com \
    --to=amon@vnl.com \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.