[refpolicy] Problem about audit-test-2090 + refpolicy-2.20091117

[domg472@gmail.com (Dominick Grift)]

On 08/18/2010 03:24 PM, TaurusHarry wrote:
> 
> Hi Paul,
>  
>> Subject: Re: Problem about audit-test-2090 + refpolicy-2.20091117
>> From: paul.moore at hp.com
>> To: harrytaurus2002 at hotmail.com
>> CC: selinux at tycho.nsa.gov; refpolicy at oss1.tresys.com
>> Date: Wed, 18 Aug 2010 07:52:47 -0400
>>
>> On Wed, 2010-08-18 at 10:26 +0000, TaurusHarry wrote:
>>> Hi SELinux exports,
>>>
>>> When I am trying to build the lspp_test.pp provided by
>>> audit-test-2090/utils/selinux-policy/lspp_test.* along with the
>>> refpolicy-20091117 source code, I copied lspp_test.* files to
>>> policy/modules/apps/ and then modified policy/modules.conf to declare
>>> "lspp_test = module", but I run into below error message ...
>>
>> Is there any reason why you copied the lspp_test policy files to the
>> refpolicy sources and tried to build it there? I'm not completely sure
>> that this is the cause of your problem but I can say for certain that
>> this is not a tested procedure for building the lspp_test module.
>>
>> The normal procedure is to build the lspp_test policy module separately
>> from the system's main SELinux policy, e.g. build and install the normal
>> system's SELinux policy (refpolicy-20091117 in your case) and after you
>> have verified that everything is working correctly you can change to the
>> directory audit-test-*/utils/selinux-policy directory and use the
>> Makefile located their to build the lspp_test module.
>>
>  
> Many many thanks for your response!
>  
> Well, after I installed SELinux header properly then I did could enter audit-test/utils/selinux-policy/ successfully built lspp_test.pp there, however, I run into below error messages when trying to insert it:
>  
> [root/secadm_r/s0 at qemu-host selinux-policy]# semodule -i lspp_test.pp
> libsepol.expand_terule_helper: conflicting TE rule for (lspp_test_generic_t, sepgsql_db_t:db_table): old was user_sepgsql_table_t, new is sepgsql_table_t
> libsepol.expand_module: Error during expand
> libsemanage.semanage_expand_sandbox: Expand module failed
> semodule: Failed!
> [root/secadm_r/s0 at qemu-host selinux-policy]#
>  
> Very honestly speaking I am clueless about such error message, so I tried to compile lspp_test.pp along with refpolicy source code just to see if such problem could simply disappear. Do you have some comments or suggestions about it? 
> 

Basically i think your lspp_test.pp is incompatible to your version of
refpolicy. ( the type user_sepgsql_table_t used in refpolicy conflicts
with the type sepgsql_table_t in lspp_test.pp )

Or atleast so i think...

> 
> Moreover, the audit-test-2090 seems to be a little "old" than the refpolicy-2.20091117, for example, the lspp_test.te calls mls_file_read_up() rather than the expected mls_file_read_all_levels(), do you know if I could find some latest version of audit-test package or some latest version of the lspp_test.* files?
> 
>  
> 
> Thank you very much!
> 
>  
> 
> Best regards,
> 
> Harry
> 
>> -- 
>> paul moore
>> linux @ hp
>>
>>
>>
>> --
>> This message was distributed to subscribers of the selinux mailing list.
>> If you no longer wish to subscribe, send mail to majordomo at tycho.nsa.gov with
>> the words "unsubscribe selinux" without quotes as the message.
> 
> 
>  		 	   		  
> 
> 
> 
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100818/595c95c2/attachment.bin