[CentOS] CentOS 6, selinux, and user modules

Sat Aug 2 02:47:40 UTC 2014
Gardner Bell <gardnerbell at gmail.com>

Should you maybe recompile the module with the -M switch?
*-M,--mls* Enable the MLS/MCS support when checking and compiling the
policy module.


On 1 August 2014 22:33, Harold Pritchett <harold at uga.edu> wrote:

> I am having problems making selinux modules on CentOS 6.
>
> Under CentOS 5, the following procedure works:
>
> Procedure to make an selinux policy named mickey1...
>
> # su -
> # cd /var/log/audit
> # rm *
> # service auditd restart
> # echo 0 > /selinux/enforce
> # Do whatever selinux is blocking...
> # echo 1 > /selinux/enforce
> # touch /.autorelabel
> # shutdown -fr now
>
> log back on as root...
>
> # cd /root
> # mkdir tmp selinux
> # cd tmp
> # chcon -R -t usr_t .
> # ln -s /usr/share/selinux/devel/Makefile .
> # audit2allow -m mickey1 -i /var/log/audit/audit.log -o mickey1.te
> # make -f /usr/share/selinux/devel/Makefile
> # mv filename.te filename.pp ../selinux/
> # cd ../selinux
> # semodule -i filename.pp
>
> This works fine on CentOS 5.  I have been doing this on half a dozen
> servers I support.
>
> Unfortunately, on CentOS 6 I get the following:
>
> # semodule -i mickey1.pp
> libsepol.link_modules: Tried to link in a non-MLS module with an MLS base.
> (No such file or directory).
> libsemanage.semanage_link_sandbox: Link packages failed (No such file or
> directory).
> semodule:  Failed!
>
> Does anyone have any idea what I am doing wrong?  How do I get this to
> work on CentOS 6?  I've googled this until I'm blue in the face and can't
> seem to find the answer.
>
> More info:
>
> # cat /etc/redhat-release
> CentOS release 6.5 (Final)
>
> # uname -a
> Linux xyzzy.plugh.net 2.6.32-431.20.5.el6.x86_64 #1 SMP Fri Jul 25
> 08:34:44 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
>
> # rpm -qa | grep selinux
> selinux-policy-minimum-3.7.19-231.el6_5.3.noarch
> libselinux-devel-2.0.94-5.3.el6_4.1.x86_64
> selinux-policy-targeted-3.7.19-231.el6_5.3.noarch
> selinux-policy-doc-3.7.19-231.el6_5.3.noarch
> libselinux-python-2.0.94-5.3.el6_4.1.x86_64
> libselinux-utils-2.0.94-5.3.el6_4.1.x86_64
> libselinux-2.0.94-5.3.el6_4.1.i686
> selinux-policy-mls-3.7.19-231.el6_5.3.noarch
> selinux-policy-3.7.19-231.el6_5.3.noarch
> libselinux-2.0.94-5.3.el6_4.1.x86_64
>
> Thanks,
>
> Harold
>



-- 
Gardner Bell
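
An added example, not part of the original thread: one way to rebuild the module by hand so that its MLS setting matches the loaded base policy, using `checkmodule` with the `-M` switch quoted in the reply. The function names, the `DRY_RUN` variable and the use of `/selinux/mls` to detect an MLS/MCS-enabled policy are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: compile a local policy module so that its MLS setting
# matches the loaded base policy, avoiding the libsepol link error
# "Tried to link in a non-MLS module with an MLS base".

# Print "-M" when the kernel reports an MLS/MCS-enabled policy.
# $1 = selinuxfs mount point (assumption: /selinux, as used in the thread).
mls_flag() {
    fs="${1:-/selinux}"
    if [ -r "$fs/mls" ] && [ "$(cat "$fs/mls")" = "1" ]; then
        echo "-M"
    fi
}

# Run a command, or only print it when DRY_RUN=1 (hypothetical variable).
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# build_module NAME [SELINUXFS]: NAME.te -> NAME.mod -> NAME.pp
build_module() {
    name="$1"
    flag="$(mls_flag "${2:-/selinux}")"
    [ -f "$name.te" ] || { echo "missing $name.te" >&2; return 1; }
    # $flag is intentionally unquoted so an empty value adds no argument.
    run checkmodule $flag -m -o "$name.mod" "$name.te" || return 1
    run semodule_package -o "$name.pp" -m "$name.mod" || return 1
    echo "built $name.pp; install with: semodule -i $name.pp" >&2
}
```

Run `build_module mickey1` in the directory holding `mickey1.te`; set `DRY_RUN=1` first to see the commands without executing them.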