[CentOS] CentOS 6, selinux, and user modules

Sat Aug 2 02:33:23 UTC 2014
Harold Pritchett <harold at uga.edu>

I am having problems making selinux modules on CentOS 6.

Under CentOS 5, the following procedure works:

Procedure to make an selinux policy named mickey1...

# su -
# cd /var/log/audit
# rm *
# service auditd restart
# echo 0 > /selinux/enforce
# Do whatever selinux is blocking...
# echo 1 > /selinux/enforce
# touch /.autorelabel
# shutdown -fr now

Log back on as root...

# cd /root
# mkdir tmp selinux
# cd tmp
# chcon -R -t usr_t .
# ln -s /usr/share/selinux/devel/Makefile .
# audit2allow -m mickey1 -i /var/log/audit/audit.log -o mickey1.te
# make -f /usr/share/selinux/devel/Makefile
# mv filename.te filename.pp ../selinux/
# cd ../selinux
# semodule -i filename.pp

This works fine on CentOS 5.  I have been doing this on half a dozen servers I support.

Unfortunately, on CentOS 6 I get the following:

# semodule -i mickey1.pp
libsepol.link_modules: Tried to link in a non-MLS module with an MLS base. (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule:  Failed!

Does anyone have any idea what I am doing wrong?  How do I get this to work on CentOS 6?  I've googled this until I'm blue in the face and can't seem to find the answer.

More info:

# cat /etc/redhat-release
CentOS release 6.5 (Final)

# uname -a
Linux xyzzy.plugh.net 2.6.32-431.20.5.el6.x86_64 #1 SMP Fri Jul 25 08:34:44 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

# rpm -qa | grep selinux
selinux-policy-minimum-3.7.19-231.el6_5.3.noarch
libselinux-devel-2.0.94-5.3.el6_4.1.x86_64
selinux-policy-targeted-3.7.19-231.el6_5.3.noarch
selinux-policy-doc-3.7.19-231.el6_5.3.noarch
libselinux-python-2.0.94-5.3.el6_4.1.x86_64
libselinux-utils-2.0.94-5.3.el6_4.1.x86_64
libselinux-2.0.94-5.3.el6_4.1.i686
selinux-policy-mls-3.7.19-231.el6_5.3.noarch
selinux-policy-3.7.19-231.el6_5.3.noarch
libselinux-2.0.94-5.3.el6_4.1.x86_64

Thanks,

Harold