From: Andy Warner <warner@rubix.com>
To: SE Linux <selinux@tycho.nsa.gov>
Subject: building base policy on RHEL5
Date: Thu, 09 Oct 2008 23:19:02 +0200
Message-ID: <48EE7546.2080006@rubix.com>

I am (SELinux newbie) working on a project which will require me to add
new object classes to my policy. After doing much reading, I find that
in order to add object classes I must modify and build the base policy
(??). My approach is to download the source for the policy, modify it
with the new object classes and TE rules, and build it. My first step is
to try and simply build the strict (or any) policy from the sources. I
get a syntax error when trying to build the policy. My steps are:

    rpm -i selinux-policy-2.4.6-137.1.el5.src.rpm
    cd /usr/src/redhat/SPECS
    rpmbuild -bp selinux-policy.spec
    cd /usr/src/redhat/BUILD/serefpolicy-2.4.6
    make conf
    make

which results in the following failure:

    /usr/bin/checkpolicy policy.conf -o policy.21
    /usr/bin/checkpolicy: loading policy configuration from policy.conf
    policy/modules/services/fail2ban.te:59:ERROR 'syntax error' at token 'corenet_tcp_connect_whois_port' on line 439903:
    corenet_tcp_connect_whois_port(fail2ban_t)
    checkpolicy: error(s) encountered while parsing configuration
    make: *** [policy.21] Error 1

Some possibly relevant packages are:

    checkpolicy.i386                1.33.1-4.el5     installed
    policycoreutils.i386            1.33.12-14.el5   installed
    policycoreutils-gui.i386        1.33.12-14.el5   installed
    policycoreutils-newrole.i386    1.33.12-14.el5   installed
    selinux-policy.noarch           2.4.6-137.1.el5  installed
    selinux-policy-devel.noarch     2.4.6-137.1.el5  installed
    selinux-policy-mls.noarch       2.4.6-137.1.el5  installed
    selinux-policy-strict.noarch    2.4.6-137.1.el5  installed
    selinux-policy-targeted.noarch  2.4.6-137.1.el5  installed
    libselinux.i386                 1.33.4-5.el5     installed
    libselinux-devel.i386           1.33.4-5.el5     installed
    libselinux-python.i386          1.33.4-5.el5     installed
    libsemanage.i386                1.9.1-3.el5      installed
    libsepol.i386                   1.15.2-1.el5     installed
    libsepol-devel.i386             1.15.2-1.el5     installed
    setools.i386                    3.0-3.el5        installed
    setools-devel.i386              3.0-3.el5        installed
    setools-gui.i386                3.0-3.el5        installed
    setroubleshoot.noarch           2.0.5-3.el5      installed
    setroubleshoot-plugins.noarch   2.0.4-2.el5      installed
    setroubleshoot-server.noarch    2.0.5-3.el5      installed

Any help would be greatly appreciated,
Andy