libsepol.print_missing_requirements: nsplugin's global requirements were not met: type/attribute execmem_exec_t /usr/bin/semodule_link: Error while linking packages make[1]: *** [validate] Error 1 make[1]: Leaving directory `/home/joe/src2/Linux_x86_64/BUILD/rpmbuild/ BUILD/serefpolicy-3.5.13' error: Bad exit status from /var/tmp/rpm-tmp.XoIIV1 (%install)
I'm trying to build an mls policy with nsplugin defined as a module in modules-mls.conf. nsplugin depends on execmem_exec_t which is defined in unconfined.te which is _not_ a module in modules-mls.conf, creating the error above.
Is there a better place to declare execmem_exec_t (userdomain.te?).
joe
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Joe Nall wrote:
libsepol.print_missing_requirements: nsplugin's global requirements were not met: type/attribute execmem_exec_t /usr/bin/semodule_link: Error while linking packages make[1]: *** [validate] Error 1 make[1]: Leaving directory `/home/joe/src2/Linux_x86_64/BUILD/rpmbuild/BUILD/serefpolicy-3.5.13' error: Bad exit status from /var/tmp/rpm-tmp.XoIIV1 (%install)
I'm trying to build an mls policy with nsplugin defined as a module in modules-mls.conf. nsplugin depends on execmem_exec_t which is defined in unconfined.te which is _not_ a module in modules-mls.conf, creating the error above.
Is there a better place to declare execmem_exec_t (userdomain.te?).
joe
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Yes, I think we should create a new app execmem.te and move stuff there.
Java, Mono, and other apps fall into this categorie, of applications that users execute that require execmem, execstack privs.
What we really need is
USERTYPE_t executes execmem_exec_t gets USERTYPE_EXECMEM_T == (USERTYPE_T + execmem and execstack)
Currently execmem_exec_t is just a rename of unconfined_execmem_exec_t
selinux@lists.fedoraproject.org
-
Daniel J Walsh -
Joe Nall