On 01/17/2011 08:25 AM, Philippe Naudin wrote:
> Hello,
>
> I am trying to create a custom policy, but with no success:
>
> $ cat <<EOF> foo.te
> module local 1.0;
>
> require {
>         type httpd_sys_script_exec_t;
>         type httpd_sys_script_t;
>         class lnk_file read;
> }
>
> #============= httpd_sys_script_t ==============
> allow httpd_sys_script_t httpd_sys_script_exec_t:lnk_file read;
> EOF
>
> $ checkmodule -M -m -o foo.mod foo.te
> checkmodule: loading policy configuration from foo.te
> checkmodule: policy configuration loaded
> checkmodule: writing binary representation (version 6) to foo.mod
>
> $ semodule_package -o foo.pp -m foo.mod
> $ echo $?
> 0
> # So far, so good. But:
>
> $ checkmodule -b foo.pp
> checkmodule: loading policy configuration from foo.pp
> libsepol.policydb_read: policydb magic number 0xf97cff8f does not match
> expected magic number 0xf97cff8c or 0xf97cff8d
> checkmodule: error(s) encountered while parsing configuration
> # And trying to "semodule -i foo.pp" fails completely.
>

Wrong command.

semodule -i foo.pp

is what you want to execute. I am not sure what checkmodule -b foo.pp will do.

> So here come my questions:
>
> - is there a boolean to allow httpd to execute a script "symlinked"?
>   (scontext=system_u:system_r:httpd_sys_script_t:s0
>   tcontext=system_u:object_r:httpd_sys_script_exec_t:s0 tclass=lnk_file)
> - can someone reproduce the error described above?
> - any clue on how to fix it?
>
> (For the curious one: I am fighting svn hooks on a filesystem
> mounted "-o noexec".)
>
> Additional info:
> $ rpm -qa 'kernel*' '*selinux*'
> kernel-2.6.18-194.26.1.el5
> kernel-2.6.18-194.32.1.el5
> kernel-devel-2.6.18-194.26.1.el5
> kernel-devel-2.6.18-194.32.1.el5
> kernel-headers-2.6.18-194.32.1.el5
> libselinux-1.33.4-5.5.el5
> libselinux-devel-1.33.4-5.5.el5
> libselinux-python-1.33.4-5.5.el5
> libselinux-utils-1.33.4-5.5.el5
> selinux-policy-2.4.6-279.el5_5.2
> selinux-policy-devel-2.4.6-279.el5_5.2
> selinux-policy-targeted-2.4.6-279.el5_5.2
> $ uname -a
> Linux despina 2.6.18-194.26.1.el5 #1 SMP Tue Nov 9 12:54:20 EST 2010
> x86_64 x86_64 x86_64 GNU/Linux
>
> Thanks,
>
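
Added example, not part of the original thread: the libsepol error quoted above is a check on the file's leading 32-bit magic number, and this script classifies a policy file by that value to show which tool it belongs to. The function names and the constructed 4-byte sample files are assumptions for illustration; the three magic values are the ones that appear in the checkmodule output.

```shell
#!/bin/sh
# Added example: classify an SELinux policy file by its leading magic number.
# 0xf97cff8c / 0xf97cff8d are the values checkmodule -b said it expects;
# 0xf97cff8f is what it found in foo.pp (the semodule_package output).

# Print the first four bytes of file $1 as a little-endian 32-bit hex value.
policy_magic() {
    # od prints bytes in file order; reverse them to get the stored value.
    set -- $(od -An -tx1 -N4 < "$1")
    [ $# -eq 4 ] || return 1
    printf '0x%s%s%s%s\n' "$4" "$3" "$2" "$1"
}

# Map the magic to the kind of file and, implicitly, the tool that reads it:
#   kernel-policy, module -> accepted by "checkmodule -b"
#   module-package        -> installed with "semodule -i", not checkmodule
policy_kind() {
    magic=$(policy_magic "$1") || { echo "too-short"; return 1; }
    case "$magic" in
        0xf97cff8c) echo "kernel-policy" ;;   # binary kernel policy
        0xf97cff8d) echo "module" ;;          # e.g. foo.mod from checkmodule -M -m
        0xf97cff8f) echo "module-package" ;;  # e.g. foo.pp from semodule_package
        *)          echo "unknown" ;;
    esac
}

# Constructed sample input: write only the 4-byte magic for kind $1 to file $2.
make_sample() {
    case "$1" in
        kernel-policy)  printf '\214\377\174\371' ;;
        module)         printf '\215\377\174\371' ;;
        module-package) printf '\217\377\174\371' ;;
    esac > "$2"
}

# Usage: sh policy_kind.sh foo.mod foo.pp
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(policy_kind "$f")"
done
```
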