From: Sven Vermeulen <sven.vermeulen@siphos.be>
To: Joshua Brindle <brindle@quarksecurity.com>
Cc: SELinux <selinux@tycho.nsa.gov>
Subject: Re: [Ann] SELinux userspace release
Date: Sat, 27 Apr 2013 09:46:28 +0200
Message-ID: <20130427074628.GA23204@siphos.be>
In-Reply-To: <CAPzO=NyzomgTJoSvf9Ogxae2BDfWk=UFiu6C7qobNcMfDc7kgw@mail.gmail.com>

On Fri, Apr 26, 2013 at 08:36:05AM +0200, Sven Vermeulen wrote:
> > semanage permissive builds a module to make a permissive domain. On
> > Fedora there is an out-of-tree policy build environment in
> > /usr/share/selinux. Without this environment it can't build a module.
> > Does Gentoo have it in a different place or just not at all?
>
> In the previous release it worked so I probably need to find where the
> location is coded and have that point to
> /usr/share/selinux/$SELINUXTYPE/include/Makefile or so. That is the
> Makefile used to build (refpolicy-style) policy modules here.

I've been able to get this to work by creating a /etc/selinux/sepolgen.conf
file that contains the following:

  SELINUX_DEVEL_PATH=/usr/share/selinux/strict/include

> > > https://bugs.gentoo.org/show_bug.cgi?id=467268
> > >
> > > - policycoreutils' sepolicy command requires yum python bindings
> > >
> > > Since yum is not available on Gentoo, is this really necessary?
> > >
> >
> > Unfortunate. I'd exclude it for now and hopefully we can work out
> > making it more distro independent.
>
> Certainly. I'll see if I can draft up something when I get more familiar
> with the required functionalities.

Well, I removed the yum dependency and the __extract_rpms method (+ the
call towards it). But trying to use sepolicy still gives me stacktraces that
I am having difficulty debugging:

~$ sepolicy communicate -s portage_t
Traceback (most recent call last):
  File "/usr/bin/sepolicy-2.7", line 464, in <module>
    args = parser.parse_args()
  File "/usr/lib64/python2.7/argparse.py", line 1688, in parse_args
    args, argv = self.parse_known_args(args, namespace)
  File "/usr/lib64/python2.7/argparse.py", line 1720, in parse_known_args
    namespace, args = self._parse_known_args(args, namespace)
  File "/usr/lib64/python2.7/argparse.py", line 1908, in _parse_known_args
    positionals_end_index = consume_positionals(start_index)
  File "/usr/lib64/python2.7/argparse.py", line 1885, in consume_positionals
    take_action(action, args)
  File "/usr/lib64/python2.7/argparse.py", line 1794, in take_action
    action(self, namespace, argument_values, option_string)
  File "/usr/lib64/python2.7/argparse.py", line 1090, in __call__
    namespace, arg_strings = parser.parse_known_args(arg_strings, namespace)
  File "/usr/lib64/python2.7/argparse.py", line 1720, in parse_known_args
    namespace, args = self._parse_known_args(args, namespace)
  File "/usr/lib64/python2.7/argparse.py", line 1926, in _parse_known_args
    start_index = consume_optional(start_index)
  File "/usr/lib64/python2.7/argparse.py", line 1866, in consume_optional
    take_action(action, args, option_string)
  File "/usr/lib64/python2.7/argparse.py", line 1794, in take_action
    action(self, namespace, argument_values, option_string)
  File "/usr/bin/sepolicy-2.7", line 63, in __call__
    from sepolicy.network import domains
  File "/usr/lib64/python2.7/site-packages/sepolicy/network.py", line 44, in <module>
    portrecs, portrecsbynum = _gen_port_dict()
  File "/usr/lib64/python2.7/site-packages/sepolicy/network.py", line 31, in _gen_port_dict
    for i in info(sepolicy.PORT):
  File "/usr/lib64/python2.7/site-packages/sepolicy/__init__.py", line 182, in info
    dict_list = _policy.info(setype, name)
RuntimeError: No such file or directory

Any idea what this could be about?
Wkr,
Sven Vermeulen
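
A pre-flight check for the sepolgen.conf workaround described in the message above, as an added example that is not part of the original mail or of the SELinux userspace code. The function names are hypothetical, and treating SELINUX_DEVEL_PATH as a colon-separated list and testing for a Makefile in each directory are assumptions of this example.

```python
import os
import re

# KEY=VALUE lines; blank lines and '#' comments are skipped.
_ASSIGN = re.compile(r"^\s*(\w+)\s*=\s*(.*?)\s*$")


def read_conf(path):
    """Return the KEY=VALUE pairs found in a sepolgen.conf-style file."""
    settings = {}
    with open(path) as handle:
        for line in handle:
            if not line.strip() or line.lstrip().startswith("#"):
                continue
            match = _ASSIGN.match(line)
            if match:
                settings[match.group(1)] = match.group(2)
    return settings


def check_devel_path(conf_path, key="SELINUX_DEVEL_PATH"):
    """Map each configured directory to True when it holds a Makefile.

    Treating the value as a colon-separated list is an assumption of this
    example; the single directory from the mail is the simplest case.
    """
    if not os.path.isfile(conf_path):
        raise FileNotFoundError("no config file at %s" % conf_path)
    value = read_conf(conf_path).get(key)
    if not value:
        raise KeyError("%s is not set in %s" % (key, conf_path))
    return {d: os.path.isfile(os.path.join(d, "Makefile"))
            for d in value.split(":") if d}


if __name__ == "__main__":
    try:
        results = check_devel_path("/etc/selinux/sepolgen.conf")
    except (OSError, KeyError) as err:
        raise SystemExit("sepolgen.conf check failed: %s" % err)
    for directory, ok in results.items():
        print("%-50s %s" % (directory, "Makefile found" if ok else "MISSING Makefile"))
```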