* audit2allow: invalid binary policy
@ 2014-02-05 18:07 leo kirotawa
2014-02-05 18:39 ` Stephen Smalley
2014-02-06 9:12 ` Daniel J Walsh
0 siblings, 2 replies; 4+ messages in thread
From: leo kirotawa @ 2014-02-05 18:07 UTC (permalink / raw)
To: Fedora SELinux Users, SELinux
Hi,

I'm having issues when using audit2allow on a Z machine with Fedora 19.
This is the output message it raises:

audit2allow -a
security: ebitmap: map size 1064 does not match my size 64 (high bit was
595)
invalid binary policy

As a solution I thought of recompiling my whole policy and generating a new
/policy/binary, but this time I got an ERROR: (serefpolicy-3.12.1)

/usr/bin/checkmodule base.conf -o tmp/base.mod
/usr/bin/checkmodule: loading policy configuration from base.conf
policy/modules/kernel/domain.te":256:ERROR 'unknown type tape_device_t used
in transition definition' at token ';' on line 22729:
#line 256
type_transition unconfined_domain_type device_t:chr_file tape_device_t
"ht00";
/usr/bin/checkmodule: error(s) encountered while parsing configuration
make: *** [tmp/base.mod] Error 1

Looking in my /dev/ I did not find any 'ht00' device, which makes me suppose
that maybe it is the problem. Also, looking in the .te files I saw that
tape_device_t is defined in storage.te, and at this point I have no idea what
the cause of this problem is or how to fix it.

Have you ever seen it before?
* Re: audit2allow: invalid binary policy
From: Stephen Smalley @ 2014-02-05 18:39 UTC (permalink / raw)
To: leo kirotawa, Fedora SELinux Users, SELinux
On 02/05/2014 01:07 PM, leo kirotawa wrote:
> Hi,
>
> I'm having issues when using audit2allow on a Z machine with Fedora 19.
> This is the output message it raises:
>
> audit2allow -a
> security: ebitmap: map size 1064 does not match my size 64 (high bit was
> 595)
> invalid binary policy

That's a kernel bug. Should be fixed by commit b13800.
I think you can work around it by pointing audit2allow at the policy file
rather than having it read from the kernel:

audit2allow -p /etc/selinux/targeted/policy/policy.29 -a

> As a solution I thought of recompiling my whole policy and generating a new
> /policy/binary, but this time I got an ERROR: (serefpolicy-3.12.1)
>
> /usr/bin/checkmodule base.conf -o tmp/base.mod
> /usr/bin/checkmodule: loading policy configuration from base.conf
> policy/modules/kernel/domain.te":256:ERROR 'unknown type tape_device_t used
> in transition definition' at token ';' on line 22729:
> #line 256
> type_transition unconfined_domain_type device_t:chr_file tape_device_t
> "ht00";
> /usr/bin/checkmodule: error(s) encountered while parsing configuration
> make: *** [tmp/base.mod] Error 1
>
> Looking in my /dev/ I did not find any 'ht00' device, which makes me suppose
> that maybe it is the problem. Also, looking in the .te files I saw that
> tape_device_t is defined in storage.te, and at this point I have no idea what
> the cause of this problem is or how to fix it.
>
> Have you ever seen it before?
That's unrelated and has nothing to do with what devices you have on the
system. Just some problem in the policy sources you are building or
perhaps the set of policy modules you have enabled.
* Re: audit2allow: invalid binary policy
From: Daniel J Walsh @ 2014-02-06 9:12 UTC (permalink / raw)
To: leo kirotawa, Fedora SELinux Users, SELinux
On 02/05/2014 07:07 PM, leo kirotawa wrote:
> Hi,
>
> I'm having issues when using audit2allow on a Z machine with Fedora 19. This
> is the output message it raises:
>
> audit2allow -a
> security: ebitmap: map size 1064 does not match my size 64 (high bit was
> 595)
> invalid binary policy
>

audit2allow is trying to read policy from the kernel, there might be a bug there.

Try audit2allow -a -p /etc/selinux/policy/policy.$VERSION

>
> As a solution I thought of recompiling my whole policy and generating a new
> /policy/binary, but this time I got an ERROR: (serefpolicy-3.12.1)
>
> /usr/bin/checkmodule base.conf -o tmp/base.mod
> /usr/bin/checkmodule: loading policy configuration from base.conf
> policy/modules/kernel/domain.te":256:ERROR 'unknown type tape_device_t used
> in transition definition' at token ';' on line 22729:
> #line 256
> type_transition unconfined_domain_type device_t:chr_file tape_device_t
> "ht00";
> /usr/bin/checkmodule: error(s) encountered while parsing configuration
> make: *** [tmp/base.mod] Error 1
>
> Looking in my /dev/ I did not find any 'ht00' device, which makes me
> suppose that maybe it is the problem. Also, looking in the .te files I saw
> that tape_device_t is defined in storage.te, and at this point I have no idea
> what the cause of this problem is or how to fix it.
>
> Have you ever seen it before?
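
Both replies above suggest passing the on-disk binary policy to audit2allow with `-p` instead of letting it read the policy from the kernel. The following shell helper is an added example, not part of any message in this thread, that resolves that file; the function names are hypothetical and it assumes the layout `/etc/selinux/<SELINUXTYPE>/policy/policy.<N>`, as in the path Stephen Smalley gives.

```shell
#!/bin/sh
# Added example: locate the on-disk binary policy so audit2allow can be
# pointed at it with -p rather than reading the policy from the kernel.

# selinux_type CONFIG: print the SELINUXTYPE value from an SELinux config
# file; fall back to "targeted" when the file or the key is missing.
selinux_type() {
    t=$(sed -n 's/^[[:space:]]*SELINUXTYPE[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' \
        "$1" 2>/dev/null | tail -n 1)
    printf '%s\n' "${t:-targeted}"
}

# newest_policy DIR: print the policy.N file in DIR with the highest
# numeric N (policy.29 beats policy.9); return 1 if DIR holds none.
newest_policy() {
    best=-1
    for f in "$1"/policy.*; do
        [ -f "$f" ] || continue
        v=${f##*.}
        # Skip anything whose suffix is not purely numeric.
        case $v in ''|*[!0-9]*) continue ;; esac
        if [ "$v" -gt "$best" ]; then best=$v; fi
    done
    [ "$best" -ge 0 ] || return 1
    printf '%s/policy.%s\n' "$1" "$best"
}

# policy_path [ROOT]: resolve the policy file under ROOT
# (assumed default: /etc/selinux).
policy_path() {
    root=${1:-/etc/selinux}
    newest_policy "$root/$(selinux_type "$root/config")/policy"
}

# Use on the affected host, as root:
#   audit2allow -a -p "$(policy_path)"
```
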
* Re: audit2allow: invalid binary policy
From: leo kirotawa @ 2014-02-06 15:14 UTC (permalink / raw)
To: Daniel J Walsh; +Cc: SELinux, Fedora SELinux Users
It works for me,
thank you for your quick response.
--
----------------------------------------------
Leônidas S. Barbosa (Kirotawa)