[CentOS] semodule - global requirements not met

Tony

pthagonal at gmail.com
Thu Jul 19 22:08:04 UTC 2007


I'm busy setting up amavisd-new on a CentOS 5.0 box - and believe I've
got it working well enough that I can switch selinux enforcing back on
again.

I've done the usual-

- grab a chunk of the audit.log that is relevant to all the actions
that would be denied.

- do 'cat audit.log | audit2allow -M amavis' to generate the module

- amavis.te looks like:

module amavis 1.0;

require {
        class dir { add_name getattr read remove_name search write };
        class file { create execute execute_no_trans getattr lock read rename unlink write };
        class filesystem getattr;
        class lnk_file read;
        type amavis_t;
        type fs_t;
        type mqueue_spool_t;
        type sbin_t;
        type sendmail_exec_t;
        type var_lib_t;
        role system_r;
};

allow amavis_t fs_t:filesystem getattr;
allow amavis_t mqueue_spool_t:dir { add_name getattr read remove_name search write };
allow amavis_t mqueue_spool_t:file { create getattr lock read rename unlink write };
allow amavis_t sbin_t:lnk_file read;
allow amavis_t sendmail_exec_t:file { execute execute_no_trans read };
allow amavis_t var_lib_t:dir search;

- now I do 'semodule -i amavis.pp' to load the module- but instead of
working I instead get this error:

libsepol.print_missing_requirements: amavis's global requirements were not met: type/attribute amavis_t
libsemanage.semanage_link_sandbox: Link packages failed
semodule:  Failed!

Anyone know the next step I'm supposed to take to fix this? Previous
modules I've made have just happily loaded at that point...

Cheers,

Tony
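
Added example, not part of the original post: the libsepol error names a type from the require block that the linker could not satisfy, so this pre-load check lists every type an audit2allow-generated .te requires and reports those absent from a list of types the loaded policy defines. The function names, the abbreviated amavis.te and the defined-types list are constructed for illustration; on a real host the list is assumed to come from a policy query tool such as `seinfo -t`, reduced to one type name per line.

```shell
# required_types FILE: print each type named in the module's require { } block.
required_types() {
    awk '
        /^[ \t]*require[ \t]*[{]/ { in_req = 1; next }
        in_req && /^[ \t]*[}]/    { in_req = 0 }
        in_req && $1 == "type" {
            line = $0                       # "type a_t, b_t;" may name several
            sub(/^[ \t]*type[ \t]+/, "", line)
            gsub(/[; \t]/, "", line)
            n = split(line, names, ",")
            for (i = 1; i <= n; i++) if (names[i] != "") print names[i]
        }
    ' "$1"
}

# missing_types FILE DEFINED: print required types that are absent from
# DEFINED, a file holding one defined type name per line.
missing_types() {
    required_types "$1" | while read -r t; do
        grep -qxF -- "$t" "$2" || printf '%s\n' "$t"
    done
}

demo() {
    dir=$(mktemp -d) || return 1
    # amavis.te, abbreviated from the post above
    cat > "$dir/amavis.te" <<'EOF'
module amavis 1.0;

require {
        class dir { add_name getattr read remove_name search write };
        type amavis_t;
        type fs_t;
        type mqueue_spool_t;
        type sbin_t;
        type sendmail_exec_t;
        type var_lib_t;
        role system_r;
};
allow amavis_t fs_t:filesystem getattr;
EOF
    # Constructed sample: types the loaded policy defines (amavis_t is absent)
    printf '%s\n' fs_t mqueue_spool_t sbin_t sendmail_exec_t var_lib_t > "$dir/defined.txt"
    missing_types "$dir/amavis.te" "$dir/defined.txt"
    rm -rf "$dir"
}
demo
```

Any type this prints has to be defined by a module that is already loaded before `semodule -i` can link the new one.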


