2007-08-08 (水) の 02:57 -0700 に Hal さんは書きました:
Hi So far it did not work. This is what I get: [root@localhost hal]# make -f /usr/share/selinux/devel/Makefile local.ppfe Compiling strict local module /usr/bin/checkmodule: loading policy configuration from tmp/local.tmp local.te:9:ERROR 'syntax error' at token 'logging_send_audit_msg' on line 81076: logging_send_audit_msg(local_login_t) } /usr/bin/checkmodule: error(s) encountered while parsing configuration make: *** [tmp/local.mod] Error 1
All right. I've checked Tresys page and foud interface name is...
http://oss.tresys.com/docs/refpolicy/api/interfaces.html
logging_send_audit_msgs
Try this.
Solved?
I have an another problem on strict policy, so keep in touch. Cheers!
Hal
--- Louis Lam lshoujun@yahoo.com wrote:
Hi,
I'm trying to enable strict policy on fc7, need to do this too. But i got this error when I tried to compile the module
[root@localhost local_module_for_login]# make -f /usr/share/selinux/devel/Makefile local.pp Compiling targeted local module /usr/bin/checkmodule: loading policy configuration from tmp/local.tmp local.te:10:ERROR 'unknown class capability used in rule' at token ';' on line 80642: #line 10 allow local_login_t self:capability audit_write; /usr/bin/checkmodule: error(s) encountered while parsing configuration make: *** [tmp/local.mod] Error 1
Thanks & Rgds, Louis
----- Original Message ---- From: shintaro_fujiwara shin216@xf7.so-net.ne.jp To: Hal hal_bg@yahoo.com; fedora-selinux-list@redhat.com Sent: Tuesday, August 7, 2007 5:27:16 PM Subject: Re: Strict policy on FC6 and F7
2007-08-07 (²Ð) ¤Î 09:48 -0700 ¤Ë Hal ¤µ¤ó¤Ï½ñ¤¤Þ¤·¤¿:
Hallo
After a problem with the strict policy in FC6: firefox does not start under strict policy. No messages at all. I decided to check if firefox under
strict
policy on F7 works. I have installed F7 and enabled strict policy. But from now on I can no
longer
login in enforcing is on . When I enter username and password and I get permission denied even for root in GDM. In console I just get new
"username"
prompt.
I do not understand why firefox does not start in fc6 and can not longin on F7 under strict policy?
What might be wrong? Because, now you're in enforcing mode,
please disable SELinux and login. Install devel policy.
#yum install selinux-policy-devel
Please install this module.
#vim local.te
module local 1.0;
require { type local_login_t; class netlink_audit_socket { append bind connect shutdown ioctl getattr setattr shutdown getopt setopt write nlmsg_relay nlmsg_read create read }; }
logging_send_audit_msg(local_login_t) logging_set_loginuid(local_login_t)
#make -f /usr/share/selinux/devel/Makefile local.pp #semodule -i local.pp #semodule -l|grep local
Set SELinux enforcing.
Did it work?
Hal
Luggage? GPS? Comic books? Check out fitting gifts for grads at Yahoo! Search http://search.yahoo.com/search?fr=oni_on_mail&p=graduation+gifts&cs=...
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Send instant messages to your online friends http://uk.messenger.yahoo.com
Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online. http://smallbusiness.yahoo.com/webhosting