Should you maybe recompile the module with the -M switch? *-M,--mls* Enable the MLS/MCS support when checking and compiling the policy module.
On 1 August 2014 22:33, Harold Pritchett harold@uga.edu wrote:
I am having problems making selinux modules on CentOS 6.
Under CentOS 5, the following procedure works:
Procedure to make an seliux policy named mickey1...
# su - # cd /var/log/audit # rm * # service auditd restart # echo 0 > /selinux/enforce # Do whatever selinux is blocking... # echo 1 > /selinux/enforce # touch /.autorelabel # shutdown -fr now
log back on as root...
# cd /root # mkdir tmp selinux # cd tmp # chcon -R -t usr_t . # ln -s /usr/share/selinux/devel/Makefile . # audit2allow -m mickey1 -i /var/log/audit/audit.log -o mickey1.te # make -f /usr/share/selinux/devel/Makefile # mv filename.te filename.pp ../selinux/ # cd ../selinux # semodule -i filename.pp
This works fine on CentOS 5. I have been doing this on half a dozen servers I support.
Unfortunately, on CentOS 6 I get the following:
# semodule -i mickey1.pp libsepol.link_modules: Tried to link in a non-MLS module with an MLS base. (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
Does anyone have any idea what I am doing wrong? How do I get this to work on CentOS 6? I've googled this until I'm blue in the face and can't seem to find the answer.
More info:
# cat /etc/redhat-release CentOS release 6.5 (Final)
# uname -a Linux xyzzy.plugh.net 2.6.32-431.20.5.el6.x86_64 #1 SMP Fri Jul 25 08:34:44 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
# rpm -qa | grep selinux selinux-policy-minimum-3.7.19-231.el6_5.3.noarch libselinux-devel-2.0.94-5.3.el6_4.1.x86_64 selinux-policy-targeted-3.7.19-231.el6_5.3.noarch selinux-policy-doc-3.7.19-231.el6_5.3.noarch libselinux-python-2.0.94-5.3.el6_4.1.x86_64 libselinux-utils-2.0.94-5.3.el6_4.1.x86_64 libselinux-2.0.94-5.3.el6_4.1.i686 selinux-policy-mls-3.7.19-231.el6_5.3.noarch selinux-policy-3.7.19-231.el6_5.3.noarch libselinux-2.0.94-5.3.el6_4.1.x86_64
Thanks,
Harold
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos